CVE-2025-13478
8.4
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
Summary
Cache misconfiguration vulnerability in OpenText Identity Manager on Windows, Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OpenText | Identity Manager | 25.2(v4.10.1) | affected |
Weaknesses
- CWE-522: CWE-522 Insufficiently Protected Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://docs.microfocus.com/doc/2159/25.2/cvesecurityfix
- https://docs.microfocus.com/doc/2159/25.2/releasenotesidentitymanager4101patch01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.