Description
Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.
The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
Published: 2026-03-13
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Password Brute Forcing
Action: Patch Now
AI Analysis

Impact

The vulnerability is an observable response discrepancy that enables password brute forcing against the Vertica management console. An attacker can submit multiple credential attempts and infer success or failure from the differing responses, potentially gaining unauthorized access. The weakness is categorized as CWE-204 (Observable Response Discrepancy), which undermines authentication integrity.

Affected Systems

OpenText Vertica versions from 10.0 through 10.X, 11.0 through 11.X, and 12.0 through 12.X are affected. No sub‑version details are provided, so all releases within these version ranges should be considered vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 5.1 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw by targeting the management console login interface and brute‑forcing credentials based on response time or content differences. Because the flaw resides in authentication, the risk impacts confidentiality and availability of the management console but does not grant arbitrary code execution.

Generated by OpenCVE AI on March 19, 2026 at 14:37 UTC.

Remediation

Vendor Solution

https://portal.microfocus.com/s/article/KM000045854?language=en_US


OpenCVE Recommended Actions

  • Apply the official Vertica security patch as provided by OpenText (https://portal.microfocus.com/s/article/KM000045854?language=en_US).
  • Verify that the Vertica management console no longer exhibits differing responses for failed login attempts after patch deployment.
  • If immediate patching is not feasible, enforce account lockout or rate‑limit policies on the management console to mitigate brute‑force attempts as a temporary countermeasure.


Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Opentext; Opentext vertica
Vendors & Products | | Opentext; Opentext vertica

Fri, 13 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 13 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
Title | | Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
Weaknesses | | CWE-204
References | |
Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U'}


MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-13T19:33:40.096Z

Reserved: 2025-10-28T21:28:44.651Z

Link: CVE-2025-12455

Vulnrichment

Updated: 2026-03-13T19:33:37.168Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:53:47.873

Modified: 2026-03-16T14:54:11.293

Link: CVE-2025-12455

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:33Z
