CVE-2024-12799
CRITICALOpenText Identity Manager <4.8.7.0102, 4.9.0.0 - Privilege Escalation
Title source: llmDescription
Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.
References (1)
Core 1
Core References
Various Sources
https://portal.microfocus.com/s/article/KM000037455
Scores
CVSS v4
10.0
EPSS
0.0036
EPSS Percentile
27.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (2)
OpenText/Identity Manager Advanced Edition
4.8.0.0 - 4.8.7.0102
OpenText/Identity Manager Advanced Edition
4.9.0.0
Published
Mar 05, 2025
Tracked Since
Feb 18, 2026