CVE-2022-26322 (GCVE-0-2022-26322)

Vulnerability from cvelistv5 – Published: 2024-09-12 12:40 – Updated: 2024-09-12 12:58
VLAI?
Title
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager
Summary
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.
Severity ?
4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
Vendor Product Version
OpenText Identity Manager REST Driver 1.1.2.0200 Affected: 1.0.0.0000 , ≤ 1.1.2.0200 (rpm, exe)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T12:58:26.895450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T12:58:37.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "Linux",
            "64 bit"
          ],
          "product": "Identity Manager REST Driver 1.1.2.0200",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThanOrEqual": "1.1.2.0200",
              "status": "affected",
              "version": "1.0.0.0000",
              "versionType": "rpm, exe"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \n\u003cstrong\u003e\u003c/strong\u003eIdentity Manager REST Driver. This impact version before 1.1.2.0200\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
            }
          ],
          "value": "Possible Insertion of Sensitive Information into Log File Vulnerability\n\nin Identity Manager has been discovered in\nOpenText\u2122 \nIdentity Manager REST Driver. This impact version before 1.1.2.0200."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-215",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-215 Fuzzing for application mapping"
            }
          ]
        },
        {
          "capecId": "CAPEC-261",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532 Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-12T12:40:22.648Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2022-26322",
    "datePublished": "2024-09-12T12:40:22.648Z",
    "dateReserved": "2022-02-28T21:48:42.460Z",
    "dateUpdated": "2024-09-12T12:58:37.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netiq:identity_manager_rest_driver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.1.2.0200\", \"matchCriteriaId\": \"16F4D461-D05F-44D7-B21A-1196BBC1BB83\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Possible Insertion of Sensitive Information into Log File Vulnerability\\n\\nin Identity Manager has been discovered in\\nOpenText\\u2122 \\nIdentity Manager REST Driver. This impact version before 1.1.2.0200.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto una vulnerabilidad de posible inserci\\u00f3n de informaci\\u00f3n confidencial en el archivo de registro en Identity Manager en el controlador REST de OpenText\\u2122 Identity Manager. Esto afecta a las versiones anteriores a la 1.1.2.0200.\"}]",
      "id": "CVE-2022-26322",
      "lastModified": "2024-10-02T15:03:41.997",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-09-12T13:15:10.620",
      "references": "[{\"url\": \"https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html\", \"source\": \"security@opentext.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-532\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-26322\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2024-09-12T13:15:10.620\",\"lastModified\":\"2024-10-02T15:03:41.997\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Possible Insertion of Sensitive Information into Log File Vulnerability\\n\\nin Identity Manager has been discovered in\\nOpenText\u2122 \\nIdentity Manager REST Driver. This impact version before 1.1.2.0200.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad de posible inserci\u00f3n de informaci\u00f3n confidencial en el archivo de registro en Identity Manager en el controlador REST de OpenText\u2122 Identity Manager. Esto afecta a las versiones anteriores a la 1.1.2.0200.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netiq:identity_manager_rest_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.2.0200\",\"matchCriteriaId\":\"16F4D461-D05F-44D7-B21A-1196BBC1BB83\"}]}]}],\"references\":[{\"url\":\"https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html\",\"source\":\"security@opentext.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26322\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-12T12:58:26.895450Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-12T12:58:34.017Z\"}}], \"cna\": {\"title\": \"Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-215\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-215 Fuzzing for application mapping\"}]}, {\"capecId\": \"CAPEC-261\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenText\", \"product\": \"Identity Manager REST Driver 1.1.2.0200\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.0000\", \"versionType\": \"rpm, exe\", \"lessThanOrEqual\": \"1.1.2.0200\"}], \"platforms\": [\"Windows\", \"Linux\", \"64 bit\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://www.netiq.com/documentation/identity-manager-48-drivers/RESTDriver1.1.2.0300_readme/data/RESTDriver1.1.2.0300_readme.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Possible Insertion of Sensitive Information into Log File Vulnerability\\n\\nin Identity Manager has been discovered in\\nOpenText\\u2122 \\nIdentity Manager REST Driver. This impact version before 1.1.2.0200.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cstrong\u003ePossible Insertion of Sensitive Information into Log File Vulnerability\\n\\nin Identity Manager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\\nOpenText\\u2122 \\n\u003cstrong\u003e\u003c/strong\u003eIdentity Manager REST Driver. This impact version before 1.1.2.0200\u003cstrong\u003e.\u003c/strong\u003e\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\"}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2024-09-12T12:40:22.648Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-26322\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-12T12:58:37.530Z\", \"dateReserved\": \"2022-02-28T21:48:42.460Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2024-09-12T12:40:22.648Z\", \"assignerShortName\": \"OpenText\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.