CVE-2024-12799 Overview
CVE-2024-12799 is an Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition affecting Windows and Linux 64-bit platforms. This vulnerability allows authenticated users to obtain sensitive information belonging to higher-privileged users through crafted payloads, enabling privilege abuse attacks.
Critical Impact
This vulnerability carries a maximum CVSS 4.0 score of 10.0, indicating the potential for complete compromise of system confidentiality, integrity, and availability with subsequent system impact.
Affected Products
- OpenText Identity Manager Advanced Edition versions 4.8.0.0 through 4.8.7.0102
- OpenText Identity Manager Advanced Edition version 4.9.0.0
- Affected platforms: Windows and Linux (64-bit)
Discovery Timeline
- 2025-03-05 - CVE-2024-12799 published to NVD
- 2025-03-05 - Last updated in NVD database
Technical Details for CVE-2024-12799
Vulnerability Analysis
This vulnerability falls under CWE-522 (Insufficiently Protected Credentials), indicating that the application fails to adequately protect credential information during storage, transmission, or processing. In OpenText Identity Manager Advanced Edition, an authenticated attacker can exploit this weakness to extract sensitive information from users with higher privileges.
The vulnerability is network-accessible and requires no user interaction, making it particularly dangerous in enterprise environments where Identity Manager serves as a central authentication and authorization platform. The attack can be executed with low complexity once an attacker has authenticated access to the system.
Root Cause
The root cause stems from insufficient protection mechanisms for credential data within OpenText Identity Manager Advanced Edition. The application does not properly secure sensitive credential information, allowing authenticated users to access data that should be restricted to higher-privileged accounts. This represents a fundamental failure in the access control and credential protection architecture of the affected versions.
Attack Vector
The attack is network-based and requires authenticated access to the OpenText Identity Manager system. Once authenticated, even with low-privilege credentials, an attacker can craft malicious payloads designed to extract sensitive information from higher-privileged user accounts. This could include credential data, session tokens, or other authentication materials that would enable privilege escalation.
The attack does not require user interaction and can be automated once initial access is obtained. The network accessibility combined with no user interaction requirement significantly increases the exploitability of this vulnerability in enterprise environments.
Detection Methods for CVE-2024-12799
Indicators of Compromise
- Unusual API requests or queries targeting user credential stores from low-privileged accounts
- Authentication log anomalies showing access patterns inconsistent with user roles
- Unexpected data extraction operations involving privileged user account information
- Suspicious payload patterns in Identity Manager request logs
Detection Strategies
- Monitor Identity Manager application logs for credential access attempts by users querying accounts with higher privilege levels
- Implement anomaly detection for API calls that attempt to retrieve user credential information outside normal operational patterns
- Review authentication audit trails for signs of privilege escalation or credential harvesting activities
- Deploy network monitoring to detect unusual data exfiltration patterns from Identity Manager servers
Monitoring Recommendations
- Enable verbose logging on OpenText Identity Manager to capture all credential-related operations
- Configure alerts for any cross-privilege-level credential queries or data access attempts
- Implement real-time monitoring of Identity Manager API endpoints for malformed or suspicious payload structures
- Establish baseline behavioral patterns for legitimate Identity Manager usage to identify deviations
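The cross-privilege credential query alert recommended above can be prototyped as follows. This is an added example, not vendor code or Identity Manager's actual log format: the JSON-lines event layout, the field names, the role ranking and the credential attribute names are all assumptions to be mapped onto whatever your audit pipeline emits.

```python
import json

# Hypothetical privilege ladder; derive the real one from your own role model.
ROLE_RANK = {"user": 1, "helpdesk": 2, "admin": 3}
# Assumed names of credential-bearing attributes; adjust to your schema.
CREDENTIAL_ATTRS = {"password", "challenge_response", "session_token"}

# Constructed sample audit events (one JSON object per line); the last is truncated on purpose.
SAMPLE_LOG = """\
{"actor": "jdoe", "actor_role": "user", "target": "jdoe", "target_role": "user", "attrs": ["password"]}
{"actor": "hd01", "actor_role": "helpdesk", "target": "jdoe", "target_role": "user", "attrs": ["password"]}
{"actor": "jdoe", "actor_role": "user", "target": "admin01", "target_role": "admin", "attrs": ["mail"]}
{"actor": "jdoe", "actor_role": "user", "target": "admin01", "target_role": "admin", "attrs": ["mail", "session_token"]}
{"actor": "svc9", "actor_role": "contractor", "target": "hd01", "target_role": "helpdesk", "attrs": ["password"]}
{"actor": "jdoe", "actor_role": "user", "target": "admin01"
"""


def find_cross_privilege_reads(log_text):
    """Return (alerts, unparsed_line_numbers) for credential reads aimed up the privilege ladder."""
    alerts, unparsed = [], []
    top = max(ROLE_RANK.values())
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            actor, target = ev["actor"], ev["target"]
            attrs = set(ev["attrs"])
            # Fail closed: an unknown actor role ranks lowest, an unknown target role highest.
            actor_rank = ROLE_RANK.get(ev.get("actor_role"), 0)
            target_rank = ROLE_RANK.get(ev.get("target_role"), top)
        except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
            # Malformed records are surfaced for review rather than silently dropped.
            unparsed.append(lineno)
            continue
        touched = sorted(attrs & CREDENTIAL_ATTRS)
        if touched and actor != target and actor_rank < target_rank:
            alerts.append((lineno, actor, target, touched))
    return alerts, unparsed


if __name__ == "__main__":
    alerts, unparsed = find_cross_privilege_reads(SAMPLE_LOG)
    for lineno, actor, target, touched in alerts:
        print(f"ALERT line {lineno}: {actor} read {touched} of higher-privileged {target}")
    print(f"unparsed lines (review manually): {unparsed}")
```

Reads by a higher-ranked role of a lower-ranked account, self-service reads and non-credential attributes are deliberately not flagged, which keeps the alert volume tied to the behaviour the advisory describes.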
How to Mitigate CVE-2024-12799
Immediate Actions Required
- Review your OpenText Identity Manager deployment to determine if you are running affected versions (4.8.0.0 through 4.8.7.0102 or 4.9.0.0)
- Consult the Micro Focus Article KM000037455 for official vendor guidance and patches
- Audit user accounts with access to Identity Manager and enforce the principle of least privilege
- Implement additional network segmentation to restrict access to Identity Manager systems
Patch Information
OpenText has released security guidance addressing this vulnerability. Organizations should consult the official vendor advisory at Micro Focus Article KM000037455 for specific patch information and update procedures. Given the critical severity rating, immediate patching is strongly recommended for all affected deployments.
Workarounds
- Restrict network access to Identity Manager systems to only essential personnel and services until patches can be applied
- Implement additional authentication controls and monitoring for all Identity Manager user accounts
- Consider temporarily isolating Identity Manager systems from the broader network if patching cannot be immediately performed
- Enable enhanced audit logging to detect potential exploitation attempts
```bash
# Example: restrict HTTPS access to Identity Manager to a trusted network
# TRUSTED_NET is a placeholder (documentation range); set it to your management subnet
TRUSTED_NET="192.0.2.0/24"
iptables -A INPUT -p tcp --dport 443 -s "$TRUSTED_NET" -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

