
OpenText Identity Manager, a comprehensive identity management suite used by organizations to manage user identities and access, has been found to have a critical vulnerability. The flaw, tracked as CVE-2024-12799 and assigned a CVSS score of 10, could allow an authenticated attacker to gain access to sensitive information belonging to higher-privileged users.
The vulnerability affects OpenText Identity Manager Advanced Edition versions up to 4.9.0.0. The issue stems from insufficiently protected credentials, which could be exploited by attackers using a crafted payload.
“This vulnerability allows an authenticated user to obtain higher privileged user’s sensitive information via a crafted payload,” warns OpenText in its security advisory.
OpenText has released mitigation steps to address the vulnerability for affected versions of Identity Manager. These steps involve stopping the Tomcat service, backing up the UIRegistry.jar file, and replacing it with an updated version provided by OpenText.
For versions 4.8.6 and below, additional steps are required, including downloading and installing a specific Java Development Kit (JDK) and manually updating class files within the UIRegistry.jar file.
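The advisory's procedure amounts to swapping one archive on disk, so the two things an operator most wants afterwards are a rollback copy and proof that the installed jar actually differs from the old one in its class entries. The script below is an added example, not OpenText's code or part of the advisory: it backs up the current jar with a timestamp, refuses to proceed if the replacement is not a readable archive or is byte-identical, installs the replacement, and reports which `.class` entries were added, removed or changed. Stopping Tomcat first is left to the operator, since the article does not say how Tomcat is installed. The install path, the `-fixed` file name, and every class entry name in the sample are constructed placeholders; only the name `UIRegistry.jar` comes from the article.

```python
import hashlib
import json
import shutil
import tempfile
import zipfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Streamed SHA-256 of a file, so large jars do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def class_digests(jar: Path) -> dict:
    """Map each .class entry inside the jar (a zip archive) to the SHA-256 of its bytes."""
    with zipfile.ZipFile(jar) as z:
        return {name: hashlib.sha256(z.read(name)).hexdigest()
                for name in z.namelist() if name.endswith(".class")}


def diff_classes(old_jar: Path, new_jar: Path) -> dict:
    """Report which class entries were added, removed, or changed between two jars."""
    old, new = class_digests(old_jar), class_digests(new_jar)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


def backup_and_replace(current: Path, replacement: Path, backup_dir: Path) -> Path:
    """Copy `current` to a timestamped backup, then install `replacement` in its place.

    Stop the Tomcat service before calling this (the advisory's first step); how
    you stop it depends on the installation, so it is deliberately not done here.
    """
    if not zipfile.is_zipfile(replacement):
        raise ValueError(f"{replacement} is not a readable jar/zip archive")
    if sha256_of(current) == sha256_of(replacement):
        raise ValueError("replacement is byte-identical to the current jar; nothing to apply")
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    backup = backup_dir / f"{current.name}.{stamp}.bak"
    shutil.copy2(current, backup)        # keep a rollback copy first
    shutil.copy2(replacement, current)   # then overwrite in place
    return backup


def make_sample_jar(path: Path, entries: dict) -> Path:
    """Write a minimal jar with the given entries. Constructed sample data only;
    the entry names are made up and do not reflect the real UIRegistry.jar."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        for name, data in entries.items():
            z.writestr(name, data)
    return path


def demo() -> dict:
    """Run the procedure on two constructed jars in a scratch directory and
    return the class diff plus whether the backup matches the original bytes."""
    with tempfile.TemporaryDirectory() as d:
        work = Path(d)  # stands in for the (unknown) Identity Manager install path
        current = make_sample_jar(work / "UIRegistry.jar", {
            "com/example/ui/Registry.class": b"old bytes",
            "com/example/ui/Helper.class": b"unchanged bytes",
        })
        fixed = make_sample_jar(work / "UIRegistry-fixed.jar", {
            "com/example/ui/Registry.class": b"patched bytes",
            "com/example/ui/Helper.class": b"unchanged bytes",
            "com/example/ui/Guard.class": b"new bytes",
        })
        original = sha256_of(current)
        backup = backup_and_replace(current, fixed, work / "backup")
        result = diff_classes(backup, current)
        result["backup_ok"] = sha256_of(backup) == original
        result["installed_digest"] = sha256_of(current)
        return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

For a real rollout, point `backup_and_replace` at the live `UIRegistry.jar` and the file obtained from OpenText, and keep the printed digests with the change record: the `installed_digest` is what you compare across hosts to confirm every instance received the same archive, and the `changed`/`added` lists are how you check that the manual class-file update required for 4.8.6 and below actually landed in the jar rather than only on disk beside it.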
Organizations using OpenText Identity Manager are urged to review the security advisory and implement the recommended mitigation steps as soon as possible to protect against potential attacks. The advisory includes detailed instructions for different versions of Identity Manager, ensuring that users can effectively address the vulnerability and secure their systems.