CVE-2025-13478

HIGH

Cache Misconfiguration Leading to Cross-User Data Exposure

Title source: cna

Description

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1).

References (2)

https://docs.microfocus.com/doc/2159/25.2/cvesecurityfix

[Release Notes] https://docs.microfocus.com/doc/2159/25.2/releasenotesidentitymanager4101patch01

Scores

CVSS v4 8.4

EPSS 0.0024

EPSS Percentile 46.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

OpenText/Identity Manager 25.2(v4.10.1)

Published Mar 27, 2026

Tracked Since Mar 29, 2026