CVE-2024-12799

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.

CVSS

No CVSS.

References

Link	Resource
https://portal.microfocus.com/s/article/KM000037455

Configurations

No configuration.

History

05 Mar 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-05 15:15

Updated : 2025-03-05 15:15

NVD link : CVE-2024-12799

Mitre link : CVE-2024-12799

CVE.ORG link : CVE-2024-12799

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-12799", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 10.0, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:H/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-05T15:15:13.127", "references": [{"url": "https://portal.microfocus.com/s/article/KM000037455", "source": "security@opentext.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials\nvulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux,\n64 bit allows Privilege Abuse. This vulnerability could allow an\nauthenticated user to obtain higher privileged user\u2019s sensitive information via\ncrafted payload.\n\nThis issue affects Identity Manager Advanced\nEdition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0."}], "lastModified": "2025-03-05T15:15:13.127", "sourceIdentifier": "security@opentext.com"}

CVE-2024-12799

JSON object

Attach tags to CVE-2024-12799

Attach tags to `CVE-2024-12799`