CVE-2024-11604 | OpenText IDM Driver and Extensions up to 1.0.1.0300/1.1.0.0000 on Windows SCIM Driver log file

VDB-353915 · CVE-2024-11604 · GCVE-0-2024-11604 OPENTEXT IDM DRIVER AND EXTENSIONS UP TO 1.0.1.0300/1.1.0.0000 ON WINDOWS SCIM DRIVER LOG FILE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 2.3 $0-$5k 1.45+ Summaryinfo A vulnerability identified as problematic has been detected in OpenText IDM Driver and Extensions up to 1.0.1.0300/1.1.0.0000 on Windows. Affected by this issue is some unknown functionality of the component SCIM Driver Module. The manipulation leads to log file. This vulnerability is referenced as CVE-2024-11604. The attack can only be performed from a local environment. No exploit is available. Detailsinfo A vulnerability was found in OpenText IDM Driver and Extensions up to 1.0.1.0300/1.1.0.0000 on Windows. It has been rated as problematic. This issue affects some unknown functionality of the component SCIM Driver Module. The manipulation with an unknown input leads to a log file vulnerability. Using CWE to declare the problem leads to CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Impacted is confidentiality. The summary by CVE is: Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000. It is possible to read the advisory at netiq.com. The identification of this vulnerability is CVE-2024-11604 since 11/21/2024. The exploitation is known to be easy. Attacking locally is a requirement. The exploitation requires an enhanced level of successful authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. Productinfo Type Hardware Driver Software Vendor OpenText Name IDM Driver and Extensions Version 1.0.0 1.0.1.0300 1.1.0 License commercial CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA CVSS-B Score: 🔒 CNA CVSS-BT Score: 🔒 CNA Vector: 🔒 CVSSv3info VulDB Meta Base Score: 2.3 VulDB Meta Temp Score: 2.3 VulDB Base Score: 2.3 VulDB Temp Score: 2.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Log file CWE: CWE-532 / CWE-200 / CWE-284 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: no mitigation known Status: 🔍 0-Day Time: 🔒 Timelineinfo 11/21/2024 CVE reserved 03/27/2026 +491 days Advisory disclosed 03/27/2026 +0 days VulDB entry created 03/27/2026 +0 days VulDB entry last update Sourcesinfo Advisory: netiq.com Status: Not defined CVE: CVE-2024-11604 (🔒) GCVE (CVE): GCVE-0-2024-11604 GCVE (VulDB): GCVE-100-353915 Entryinfo Created: 03/27/2026 15:44 Changes: 03/27/2026 15:44 (73) Complete: 🔍 Cache ID: 99:C11:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸