CVE-2024-11604: CWE-532 Insertion of Sensitive Information into Log File in OpenText IDM Driver and Extensions
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000.
AI Analysis
Technical Summary
CVE-2024-11604 identifies a vulnerability classified under CWE-532 (Insertion of Sensitive Information into Log File) in the SCIM Driver module of OpenText IDM Driver and Extensions. The affected versions are 1.0.0.0000 through 1.0.1.0300 and 1.1.0.0000, running on Windows and Linux 64-bit platforms. The vulnerability arises because the software writes sensitive information to its log files, where authenticated local users with high privileges can read it. This exposure can lead to unauthorized disclosure of sensitive data, potentially including credentials or personally identifiable information, depending on what is logged. The CVSS 4.0 base score is 7.3, indicating a high severity level. The attack vector is local (AV:L), with low attack complexity (AC:L), high privileges required (PR:H) and active user interaction (UI:A). The vulnerability impacts confidentiality, integrity, and availability with high scope and impact metrics. Although no exploits are currently known in the wild, the risk is significant due to the sensitive nature of the data exposed and the privileged access required to exploit it. The vulnerability is particularly relevant for organizations using OpenText IDM for identity and access management, where log files may contain sensitive operational or user data.
Potential Impact
The primary impact of CVE-2024-11604 is the unauthorized disclosure of sensitive information through log files accessible to authenticated local users with elevated privileges. This can lead to data breaches involving credentials, personally identifiable information, or other confidential data, undermining trust and compliance with data protection regulations. The integrity of the system could be compromised if attackers use the leaked information to escalate privileges or pivot within the network. Availability impact is also rated high, as attackers might leverage the information to disrupt identity management services. Organizations relying on OpenText IDM for critical identity and access management functions may face operational disruptions and reputational damage. The vulnerability's requirement for local privileged access limits remote exploitation but does not eliminate risk in environments where multiple users have elevated access or where attackers have gained initial footholds. The absence of known exploits provides a window for remediation, but the high severity score underscores the need for prompt action.
Mitigation Recommendations
Organizations should immediately audit and restrict access to log files generated by the OpenText IDM SCIM Driver to prevent unauthorized viewing of sensitive information. Implement strict file system permissions limiting log access to only necessary administrative accounts. Monitor logs for any unusual access patterns or attempts to read sensitive files. Apply vendor patches or updates as soon as they become available to address the logging flaw directly. If patches are delayed, consider disabling or limiting logging of sensitive operations temporarily, if feasible, to reduce exposure. Employ robust local user account management and minimize the number of users with high privilege levels to reduce the attack surface. Conduct regular security training to ensure users understand the risks of local privilege misuse. Additionally, implement endpoint detection and response (EDR) solutions to detect suspicious local activities that could indicate exploitation attempts. Finally, review and enhance overall identity and access management policies to ensure least privilege principles are enforced.
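The log audit recommended above, as an added example (not OpenText code and not part of the original advisory): it walks a log directory, flags files readable beyond the owner, and reports lines that look like logged secrets with the value redacted. The directory, file name and match patterns are assumptions, since the page does not describe the driver's log location or format.

```python
import os
import re
import stat
import tempfile

# Assumed patterns (the driver's real log format is not given on this page):
# SCIM "password" attribute, common secret keys, HTTP Authorization headers.
SENSITIVE = re.compile(
    r'(?i)("?(?:password|client_secret|access_token)"?\s*[:=]\s*"?'
    r'|authorization:\s*(?:bearer|basic)\s+)'
    r'([^\s",}]+)'
)


def audit_log_dir(log_dir):
    """Return (loose_perms, hits) for every file under log_dir."""
    loose_perms, hits = [], []
    for root, _dirs, files in os.walk(log_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            mode = os.stat(path).st_mode
            # POSIX check only; on Windows review the ACL with icacls instead.
            if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
                loose_perms.append((path, oct(stat.S_IMODE(mode))))
            with open(path, "r", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if SENSITIVE.search(line):
                        # Redact so the audit report does not repeat the leak.
                        redacted = SENSITIVE.sub(r"\1[REDACTED]", line.rstrip())
                        hits.append((path, no, redacted))
    return loose_perms, hits


def demo():
    """Run the audit over a constructed log file in a temporary directory."""
    sample = (  # constructed sample lines, not real driver output
        '2024-11-21 10:00:01 INFO  Subscriber channel started\n'
        '2024-11-21 10:00:02 DEBUG POST /Users {"userName":"jdoe","password":"Winter2024!"}\n'
        '2024-11-21 10:00:02 DEBUG Authorization: Bearer eyJhbGciOi.constructed.token\n'
    )
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "scim-driver-trace.log")  # hypothetical name
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        return audit_log_dir(d)


if __name__ == "__main__":
    print(demo())
```

Point `audit_log_dir` at the directory where your deployment writes the SCIM driver trace; any hit means the log should be rotated out and access-restricted, and the exposed credential changed.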
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: OpenText
- Date Reserved: 2024-11-21T18:38:16.507Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 69c694993c064ed76fb5b65f
Added to database: 3/27/2026, 2:30:49 PM
Last enriched: 3/27/2026, 2:51:00 PM
Last updated: 3/28/2026, 1:48:21 AM