CVE-2024-11604

HIGH

Insertion of Sensitive Information into Log File

Title source: cna

Description

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.

References (2)

[Release Notes] https://www.netiq.com/documentation/identity-manager-48-drivers/SCIMDriver1.0.1.0400_readme/data/SCIMDriver1.0.1.0400_readme.html

[Release Notes] https://www.netiq.com/documentation/identity-manager-49-drivers/SCIMDriver1.1.0.0100_readme/data/SCIMDriver1.1.0.0100_readme.html

Scores

CVSS v4 7.3

EPSS 0.0002

EPSS Percentile 5.1%

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:C/RE:M/U:Red

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-532

Status published

Products (2)

OpenText/IDM Driver and Extensions 1.0.0.0000 - 1.0.1.0300

OpenText/IDM Driver and Extensions 1.1.0.0000

Published Mar 27, 2026

Tracked Since Mar 29, 2026