PT-2026-28272 · Opentext · Opentext Identity Manager
Th Köln
·
Publicado
2026-03-27
·
Atualizado
2026-03-27
·
CVE-2025-13478
CVSS v4.0
8.4
Alta
| Vetor | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
OpenText Identity Manager version 25.2(v4.10.1)
Description
A cache misconfiguration allows remotely authenticated users to obtain another user's session data through insecure application cache handling. The issue affects OpenText Identity Manager on Windows and Linux systems.
Recommendations
Update OpenText Identity Manager to a version that addresses the insecure application cache handling.
Correção
Insufficiently Protected Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Opentext Identity Manager