Primary

Context

OpenText Identity Manager Cache Misconfiguration Vulnerability Allowing Session Data Access

Vulnerability

A cache misconfiguration vulnerability has been identified in OpenText Identity Manager version 25.2 (v4.10.1) on both Windows and Linux. This vulnerability allows remote authenticated users to access another user's session data due to improper handling of application cache. The issue arises from insecure application cache management, which can be exploited to retrieve sensitive session information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to another user's session data, potentially allowing for session hijacking or impersonation.

Remediation

Users can update to OpenText Identity Manager version 25.2.0.0100 (v4.10.1.0100) to address this vulnerability. This patch is available through the Software License and Download portal.

Added: Mar 27, 2026, 2:19 PM

Updated: Mar 27, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenText Identity Manager Cache Misconfiguration Vulnerability Allowing Session Data Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating