CVE-2024-12799: Insufficiently Protected Credentials

10.0 CVSS

Description

Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain a higher-privileged user’s sensitive information via a crafted payload.

This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0.

Classification

CVE ID: CVE-2024-12799

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:H/U:Red

Problem Types

CWE-522 Insufficiently Protected Credentials

Affected Products

Vendor: OpenText

Product: Identity Manager Advanced Edition

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 12.49% (share of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-04-02 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-12799
https://portal.microfocus.com/s/article/KM000037455

Timeline