OpenText Identity Manager Advanced Edition Insufficiently Protected Credentials Vulnerability Allowing Privilege Abuse
Vulnerability
An insufficiently protected credentials vulnerability has been identified in OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.8.7.0102 and 4.9.0.0 on Windows and Linux (64-bit). An authenticated user could use crafted payloads to access sensitive information belonging to higher-privileged users, facilitating privilege abuse.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information of higher-privileged users, allowing for potential privilege abuse.
Remediation
To address this vulnerability, users can stop the Tomcat service running Identity Applications, back up the UIRegistry.jar file, and then replace it with a patched version. Instructions for applying the patch vary depending on the specific version of Identity Manager in use.
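The back-up-and-replace steps above can be scripted so that the backup is verified before the original is touched and the deployed file is confirmed to match the patched one afterwards. This is an added example, not the vendor's procedure: the function names `replace_jar` and `sha256_of` are hypothetical, all paths are supplied by the caller, `sha256sum` is assumed to be available, and the Tomcat service is assumed to have been stopped already.

```shell
#!/bin/sh
# Added example: back up a deployed JAR and swap in the patched copy.
# Run only after the Tomcat service hosting Identity Applications is stopped;
# the service name varies by install, so stopping it is not handled here.

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Usage: replace_jar <installed_jar> <patched_jar> <backup_dir>
# Prints the backup path on success.
# Returns 0 on success, 1 on bad input or a failed step, 2 if already patched.
replace_jar() {
    installed=$1; patched=$2; backup_dir=$3
    [ -f "$installed" ] && [ -f "$patched" ] && [ -d "$backup_dir" ] || {
        echo "missing file or backup directory" >&2; return 1; }

    old_sum=$(sha256_of "$installed")
    new_sum=$(sha256_of "$patched")
    if [ "$old_sum" = "$new_sum" ]; then
        echo "installed JAR already matches the patched JAR" >&2; return 2
    fi

    # Back up first, keeping mode and timestamps, then verify the copy.
    # The hash in the name keeps backups of different builds apart.
    backup="$backup_dir/$(basename "$installed").$old_sum.bak"
    cp -p "$installed" "$backup" || return 1
    [ "$(sha256_of "$backup")" = "$old_sum" ] || {
        echo "backup verification failed" >&2; return 1; }

    # Stage beside the target: cp -p carries over the original's mode,
    # cat swaps in the patched bytes, mv is a same-directory rename.
    staged="$installed.new.$$"
    cp -p "$installed" "$staged" && cat "$patched" > "$staged" \
        && mv -f "$staged" "$installed" || {
        rm -f "$staged"; echo "replace failed; original left in place" >&2
        return 1; }

    # Confirm the deployed file is the patched one; roll back otherwise.
    if [ "$(sha256_of "$installed")" != "$new_sum" ]; then
        cp -p "$backup" "$installed"
        echo "post-replace check failed; backup restored" >&2; return 1
    fi
    echo "$backup"
}
```

Compare the patched file's hash against a value published with the patch, if one is provided, before running the swap.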
