PT-2017-17820 · Forgerock · Openid

Published 2017-04-09 · Updated 2017-04-13 · CVE-2017-7589

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the vulnerable software and affected versions: OpenIDM versions prior to 4.5.0
Description: The issue is a missing access-control check on the OpenIDM info endpoint, which can leak sensitive information to a request made as the "anonymous" user. It can be demonstrated by a response with HTTP status 200 and a JSON object containing IP address strings, produced by the script at bin/defaults/script/info/login.js.
Recommendations: Update OpenIDM to version 4.5.0 or later, which resolves the issue. Until the upgrade is applied, restrict access to the info endpoint (at a minimum for the "anonymous" user) so that unauthenticated requests cannot reach it. After upgrading or applying the workaround, re-request the endpoint as the anonymous user and confirm that it no longer answers with HTTP 200 and the JSON body described above.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2017-7589

Affected products

Openid