CVE-2024-12799

CRITICAL

OpenText Identity Manager <4.8.7.0102, 4.9.0.0 - Privilege Escalation

Title source: llm

Description

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain a higher-privileged user's sensitive information via a crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, and 4.9.0.0.

Scores

CVSS v4 10.0
EPSS 0.0019
EPSS Percentile 40.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-522
Status published
Products (2)
OpenText/Identity Manager Advanced Edition 4.8.0.0 - 4.8.7.0102
OpenText/Identity Manager Advanced Edition 4.9.0.0
Published Mar 05, 2025
Tracked Since Feb 18, 2026