CVE-2025-2236

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5.

CVSS

No CVSS.

References

Link	Resource
https://portal.microfocus.com/s/article/KM000039947

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) Exposición de información sensible del sistema a una vulnerabilidad de esfera de control no autorizada en OpenText Advanced Authentication permite la obtención de información. Esta vulnerabilidad podría revelar información confidencial durante la gestión y configuración de servicios externos. Este problema afecta a las versiones de Advanced Authentication anteriores a la 6.5.

27 May 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-27 15:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-2236

Mitre link : CVE-2025-2236

CVE.ORG link : CVE-2025-2236

JSON object : View

Products Affected

No product.

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

{"id": "CVE-2025-2236", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-27T15:15:32.223", "references": [{"url": "https://portal.microfocus.com/s/article/KM000039947", "source": "security@opentext.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-497"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could\u00a0reveal sensitive information while managing and configuring of the external services.\n\nThis issue affects Advanced Authentication versions before 6.5."}, {"lang": "es", "value": "Exposici\u00f3n de informaci\u00f3n sensible del sistema a una vulnerabilidad de esfera de control no autorizada en OpenText Advanced Authentication permite la obtenci\u00f3n de informaci\u00f3n. Esta vulnerabilidad podr\u00eda revelar informaci\u00f3n confidencial durante la gesti\u00f3n y configuraci\u00f3n de servicios externos. Este problema afecta a las versiones de Advanced Authentication anteriores a la 6.5."}], "lastModified": "2025-05-28T15:01:30.720", "sourceIdentifier": "security@opentext.com"}