Affected URL: https://apps-ot.isvcs.net/iam/im/IDM-ENV-IAM-T/ui7/index.jsp
The application displays detailed error messages when unhandled Java exceptions occur. Detailed technical error messages can allow an adversary to gain information about the application and database that could be used to conduct further attacks. The following expressions were matched in the HTTP response:
\.java:[0-9]+
\.lang\.([A-Za-z0-9_]+)Exception
We could discuss details later.
Release: 14.3
Component: IdentityMinder (Identity Manager)
I reviewed the document and at this time there is no actual exposure of database information / leaked information. The client is going to gather more information on their end that explains how a malicious attacker can obtain this information and provide a CVE.
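To see what the two matched expressions actually flag in a response, this added example (not part of the original case or of the product) runs them over two constructed response bodies and reports each hit with its line number. The class and package names in the samples are invented for illustration.

```python
import re

# The two expressions quoted in the scanner finding above.
PATTERNS = {
    "java_source_line": re.compile(r"\.java:[0-9]+"),
    "java_lang_exception": re.compile(r"\.lang\.([A-Za-z0-9_]+)Exception"),
}


def scan_response(body):
    """Return (pattern_name, line_number, matched_text) for every hit in body."""
    findings = []
    for lineno, line in enumerate(body.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((name, lineno, m.group(0)))
    return findings


def exception_classes(body):
    """Names captured by the second expression, e.g. 'NullPointer'."""
    return sorted(set(PATTERNS["java_lang_exception"].findall(body)))


# Constructed sample: an error page that echoes an unhandled exception.
LEAKY_BODY = """<html><body><h1>Error</h1>
<pre>java.lang.NullPointerException
    at com.example.app.TaskServlet.doGet(TaskServlet.java:42)
    at com.example.app.Dispatcher.service(Dispatcher.java:117)
</pre></body></html>"""

# Constructed sample: a generic error page carrying only a reference id.
GENERIC_BODY = """<html><body><h1>Error</h1>
<p>The request could not be completed. Reference: 7f3a19</p>
</body></html>"""

if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_BODY), ("generic", GENERIC_BODY)):
        hits = scan_response(body)
        print(label, len(hits), "hit(s)", exception_classes(body))
        for name, lineno, text in hits:
            print(f"  line {lineno}: {name}: {text}")
```

Both expressions fire on stack-trace text alone, so a hit shows that an exception trace reached the client, not what else the response contains.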