Improper Neutralization in OpenText Service Manager Reveals Sensitive Information
CVE-2025-0883

2.1LOW

Key Information:

Vendor: Opentext™
Status: Service Manager
Vendor: CVE Published:; 12 March 2025

Summary

A vulnerability in OpenText Service Manager allows for improper neutralization of scripts within error message web pages. This flaw can lead to the unintended disclosure of sensitive information stored in the user's browser. As a result, attackers might exploit this weakness to gain access to confidential data, emphasizing the importance of implementing robust security measures.

Affected Version(s)

Service Manager 9.70

Service Manager 9.71

Service Manager 9.72

References

https://portal.microfocus.com/s/article/KM000037099?langu...

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Jan 30, 2025