CVE-2022-26329

LOW

NetIQ Identity Manager <4.8.5 - Info Disclosure

Title source: llm

Description

File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.

References (1)

[Various Sources] https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html

Scores

CVSS v3 1.8

EPSS 0.0023

EPSS Percentile 45.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-538 CWE-668

Status published

Products (1)

netiq/identity_manager < 4.8.5

Published Jan 26, 2023

Tracked Since Feb 18, 2026