PT-2025-9833 · Opentext · Opentext Identity Manager Advanced Edition
Published 2025-03-05 · Updated 2025-05-11 · CVE-2024-12799
CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:H/U:Red
Name of the Vulnerable Software and Affected Versions
OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.9.0.0
Description
The issue is related to insufficiently protected credentials: an authenticated user can obtain a higher-privileged user's sensitive information via a crafted payload. This could lead to privilege abuse.
Recommendations
For versions 4.8.0.0 through 4.8.7.0102, update to a version outside of this range to mitigate the risk.
For version 4.9.0.0, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Identity Manager Advanced Edition