Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Identity Manager Advanced Edition by OpenText
CVE-2024-12799 (GCVE-0-2024-12799)
Vulnerability from cvelistv5 – Published: 2025-03-05 14:55 – Updated: 2025-03-05 16:21
VLAI
Title
Insufficiently Protected Credentials
Summary
Insufficiently Protected Credentials
vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,
64 bit allows Privilege Abuse. This vulnerability could allow an
authenticated user to obtain higher privileged user’s sensitive information via
crafted payload.
This issue affects Identity Manager Advanced
Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Identity Manager Advanced Edition |
Affected:
4.8.0.0 , ≤ 4.8.7.0102
(rpm, exe)
Affected: 4.9.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:21:13.192081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:21:23.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Identity Manager Advanced Edition",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "4.8.7.0102",
"status": "affected",
"version": "4.8.0.0",
"versionType": "rpm, exe"
},
{
"status": "affected",
"version": "4.9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003eInsufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. \u003c/b\u003e\u003cb\u003eThis vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.\u003c/b\u003e\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:55:55.363Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000037455"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-12799",
"datePublished": "2025-03-05T14:55:55.363Z",
"dateReserved": "2024-12-19T15:22:32.158Z",
"dateUpdated": "2025-03-05T16:21:23.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12799 (GCVE-0-2024-12799)
Vulnerability from nvd – Published: 2025-03-05 14:55 – Updated: 2025-03-05 16:21
VLAI
Title
Insufficiently Protected Credentials
Summary
Insufficiently Protected Credentials
vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,
64 bit allows Privilege Abuse. This vulnerability could allow an
authenticated user to obtain higher privileged user’s sensitive information via
crafted payload.
This issue affects Identity Manager Advanced
Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | Identity Manager Advanced Edition |
Affected:
4.8.0.0 , ≤ 4.8.7.0102
(rpm, exe)
Affected: 4.9.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:21:13.192081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:21:23.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"Linux",
"64 bit"
],
"product": "Identity Manager Advanced Edition",
"vendor": "OpenText",
"versions": [
{
"lessThanOrEqual": "4.8.7.0102",
"status": "affected",
"version": "4.8.0.0",
"versionType": "rpm, exe"
},
{
"status": "affected",
"version": "4.9.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003eInsufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. \u003c/b\u003e\u003cb\u003eThis vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cb\u003eThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.\u003c/b\u003e\u003c/p\u003e"
}
],
"value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:55:55.363Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000037455"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficiently Protected Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-12799",
"datePublished": "2025-03-05T14:55:55.363Z",
"dateReserved": "2024-12-19T15:22:32.158Z",
"dateUpdated": "2025-03-05T16:21:23.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}