CVE-2024-12799 CRITICAL

CVE-2024-12799: Insufficiently Protected Credentials

Vendor OpenText
Product Identity Manager Advanced Edition
Weakness CWE-522 · Insufficiently protected credentials
Published March 5, 2025
Last update March 5, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red

What the vulnerability does

01 Description

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain a higher-privileged user’s sensitive information via a crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.

Key dates

02 Disclosure timeline

March 5, 2025 CVE published
March 5, 2025 Record updated