CVE-2025-12455 - Vulnerability Details - OpenCVE

Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000045854?language=en_US

History

Fri, 13 Mar 2026 18:45:00 +0000

Type	Values Removed	Values Added
Description		Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
Title		Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
Weaknesses		CWE-204
References		https://portal.microfocus.com/s/article/KM000045854?language=en_US
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2026-03-13T18:30:27.903Z

Updated: 2026-03-13T19:33:40.096Z

Reserved: 2025-10-28T21:28:44.651Z

Link: CVE-2025-12455

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12455", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2025-10-28T21:28:44.651Z", "datePublished": "2026-03-13T18:30:27.903Z", "dateUpdated": "2026-03-13T19:33:40.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-03-13T18:30:27.903Z"}, "title": "Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText\u2122 Vertica.", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-204", "description": "CWE-204 Observable response discrepancy", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-49", "descriptions": [{"lang": "en", "value": "CAPEC-49 Password Brute Forcing"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Vertica", "versions": [{"status": "affected", "version": "10.0", "lessThanOrEqual": "10.x", "versionType": "custom"}, {"status": "affected", "version": "11.0", "lessThanOrEqual": "11.x", "versionType": "custom"}, {"status": "affected", "version": "12.0", "lessThanOrEqual": "12.x", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.  \nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.<p>This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.</p>"}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NEGLIGIBLE", "Automatable": "YES", "Recovery": "USER", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U"}}], "solutions": [{"lang": "en", "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US", "supportingMedia": [{"type": "text/html", "base64": false, "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"}]}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T19:33:33.057816Z", "id": "CVE-2025-12455", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T19:33:40.096Z"}}]}}