Improper Neutralization in OpenText Service Manager Reveals Sensitive Information
CVE-2025-0883

2.1LOW

Key Information:

Vendor
Opentext™
Status
Service Manager
Vendor
CVE Published:
12 March 2025

Summary

A vulnerability in OpenText Service Manager allows for improper neutralization of scripts within error message web pages. This flaw can lead to the unintended disclosure of sensitive information stored in the user's browser. As a result, attackers might exploit this weakness to gain access to confidential data, emphasizing the importance of implementing robust security measures.

Affected Version(s)

Service Manager 9.70

Service Manager 9.71

Service Manager 9.72

References

CVSS V4

Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.