PT-2026-28272 · Opentext · Opentext Identity Manager
Th Köln
·
Published
2026-03-27
·
Updated
2026-03-27
·
CVE-2025-13478
CVSS v4.0
8.4
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
OpenText Identity Manager version 25.2(v4.10.1)
Description
A cache misconfiguration allows remotely authenticated users to obtain another user's session data through insecure application cache handling. The issue affects OpenText Identity Manager on Windows and Linux systems.
Recommendations
Update OpenText Identity Manager to a version that addresses the insecure application cache handling.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Identity Manager