CVE-2025-13478 PUBLISHED

Cache Misconfiguration Leading to Cross-User Data Exposure

Assigner: OpenText
Reserved: 20.11.2025 Published: 27.03.2026 Updated: 27.03.2026

Cache misconfiguration vulnerability in OpenText Identity Manager on Windows and Linux allows remote authenticated users to obtain another user's session data via insecure application cache handling. This issue affects Identity Manager: 25.2(v4.10.1).

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N
CVSS Score: 8.4

Product Status

Vendor: OpenText
Product: Identity Manager
Versions (default: unaffected):
  • Version 25.2(v4.10.1) is affected

Credits

  • TH Köln (reporter)

Problem Types

  • CWE-522 Insufficiently Protected Credentials

Impacts

  • CAPEC-102 Session Sidejacking