CVE-2022-26322

Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:netiq:identity_manager_rest_driver:*:*:*:*:*:*:*:*

History

02 Oct 2024, 15:03

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netiq:identity_manager_rest_driver::::::::
References	~~() https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html -~~	() https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.9~~	v2 : unknown v3 : 7.5
First Time		Netiq Netiq identity Manager Rest Driver
Summary		(es) Se ha descubierto una vulnerabilidad de posible inserción de información confidencial en el archivo de registro en Identity Manager en el controlador REST de OpenText™ Identity Manager. Esto afecta a las versiones anteriores a la 1.1.2.0200.

12 Sep 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-12 13:15

Updated : 2024-10-02 15:03

NVD link : CVE-2022-26322

Mitre link : CVE-2022-26322

CVE.ORG link : CVE-2022-26322

JSON object : View

Products Affected

netiq

identity_manager_rest_driver

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2022-26322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-09-12T13:15:10.620", "references": [{"url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de posible inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en Identity Manager en el controlador REST de OpenText\u2122 Identity Manager. Esto afecta a las versiones anteriores a la 1.1.2.0200."}], "lastModified": "2024-10-02T15:03:41.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netiq:identity_manager_rest_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16F4D461-D05F-44D7-B21A-1196BBC1BB83", "versionEndExcluding": "1.1.2.0200"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}