Description
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.
Published: 2026-03-27
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality loss via log exposure
Action: Patch
AI Analysis

Impact

The flaw is a log injection vulnerability that enables an authenticated local user to view sensitive data recorded by the SCIM Driver module. While processing authentication and user provisioning requests, the driver writes personally identifiable information, authentication tokens, or other protected data directly into log files, creating a straightforward path for confidentiality compromise.

Affected Systems

Vulnerable versions of the OpenText IDM Driver and Extensions are 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000 on Windows and 64‑bit Linux platforms.

Risk and Exploitability

With a CVSS score of 7.3 the vulnerability is considered high severity. EPSS data is not available, and the defect is not listed in the CISA KEV catalog, yet it requires only local authenticated access, which is commonly available to users with log‑read or administrative privileges. An attacker who exploits this flaw could retrieve credentials, personal identifiers, or other sensitive information exposed in the logs.

Generated by OpenCVE AI on March 27, 2026 at 16:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the IDM SCIM Driver to version 1.0.1.0400 or later, or to 1.1.0.0100 or later if you use the 1.1.x line

Generated by OpenCVE AI on March 27, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.
Title Insertion of Sensitive Information into Log File
Weaknesses CWE-532
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:U/V:C/RE:M/U:Red'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-27T14:49:21.826Z

Reserved: 2024-11-21T18:38:16.507Z

Link: CVE-2024-11604

cve-icon Vulnrichment

Updated: 2026-03-27T14:48:50.355Z

cve-icon NVD

Status : Received

Published: 2026-03-27T15:16:42.807

Modified: 2026-03-27T15:16:42.807

Link: CVE-2024-11604

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:28:43Z

Weaknesses