CVE-2022-26322

Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Possible Insertion of Sensitive Information into Log File Vulnerability

in Identity Manager has been discovered in
OpenText™
Identity Manager REST Driver. This impact version before 1.1.2.0200.

*Credits: N/A

CVSS Scores

OpenTextv3.1 4.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-02-28 CVE Reserved
2024-09-12 CVE Published
2024-09-12 CVE Updated
2024-10-03 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-532: Insertion of Sensitive Information into Log File

CAPEC

CAPEC-215: Fuzzing for application mapping
CAPEC-261: Fuzzing for garnering other adjacent user/sensitive data

References (1)

URL	Tag	Source
https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
OpenText Search vendor "OpenText"		Identity Manager REST Driver 1.1.2.0200 Search vendor "OpenText" for product "Identity Manager REST Driver 1.1.2.0200"				>= 1.0.0.0000 <= 1.1.2.0200 Search vendor "OpenText" for product "Identity Manager REST Driver 1.1.2.0200" and version " >= 1.0.0.0000 <= 1.1.2.0200"		en		Affected