Products
OpenText Identity Manager AzureAD Driver
- before 5.1.4.0
Source
security@opentext.com
Tags
CVE-2021-22518 details
Published : Sept. 12, 2024, 1:15 p.m.
Last Modified : Sept. 12, 2024, 6:14 p.m.
Last Modified : Sept. 12, 2024, 6:14 p.m.
Description
A vulnerability identified in OpenTextâ„¢ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0
CVSS Score
| 1 | 2 | 3 | 4 | 5.8 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-532 | Insertion of Sensitive Information into Log File | Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
Base Score
5.8
Exploitability Score
0.3
Impact Score
5.5
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
References
| URL | Source |
|---|---|
| https://www.netiq.com/documentation/identity-manager-48-drivers/AzureADDriver514/data/AzureADDriver514.html | security@opentext.com |
This website uses the NVD API, but is not approved or certified by it.