CVE-2026-11877
published 2026-06-24CVE-2026-11877: An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.18%
7.5th percentile
An unauthorized user can modify configuration through API
calls that affects the OpenText Access
Manager. This issue affects Access Manager before 5.1.3.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microfocus | access_manager | — | — |
| microfocus | access_manager | — | — |
| microfocus | access_manager | >= 5.0 < 5.1 | 5.1 |
| opentext | access_manager | 5.1 – 5.1.2 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv4.06.3MEDIUMCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
OpenText Access Manager up to 5.1.2 Configuration incorrect privileged apis
vuldb·2026-06-30·CVSS 7.5
CVE-2026-11877 [HIGH] OpenText Access Manager up to 5.1.2 Configuration incorrect privileged apis
A vulnerability has been found in OpenText Access Manager up to 5.1.2 and classified as problematic. This affects an unknown function of the component Configuration Handler. The manipulation leads to incorrect use of privileged apis.
This vulnerability is documented as CVE-2026-11877. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
GHSA
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager.
ghsa_unreviewed·2026-06-24
CVE-2026-11877 [MEDIUM] CWE-648 An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager.
An unauthorized user can modify configuration through API
calls that affects the OpenText Access
Manager. This issue affects Access Manager before 5.1.3.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-24
Published