Refine your search
1 vulnerability found for Identity Manager Advanced Edition by OpenText
CVE-2024-12799 (GCVE-0-2024-12799)
Vulnerability from cvelistv5
Published
2025-03-05 14:55
Modified
2025-03-05 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
Insufficiently Protected Credentials
vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,
64 bit allows Privilege Abuse. This vulnerability could allow an
authenticated user to obtain higher privileged user’s sensitive information via
crafted payload.
This issue affects Identity Manager Advanced
Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | Identity Manager Advanced Edition |
Version: 4.8.0.0 Version: 4.9.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:21:13.192081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:21:23.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Identity Manager Advanced Edition",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "4.8.7.0102",
"status": "affected",
"version": "4.8.0.0",
"versionType": "rpm, exe"
},
{
"status": "affected",
"version": "4.9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003eInsufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. \u003c/b\u003e\u003cb\u003eThis vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.\u003c/b\u003e\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:55:55.363Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000037455"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-12799",
"datePublished": "2025-03-05T14:55:55.363Z",
"dateReserved": "2024-12-19T15:22:32.158Z",
"dateUpdated": "2025-03-05T16:21:23.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}