CVE-2024-4211

Multiple missing permission checks

CVSS 1.8 LOWEPSS 0.3%CWE-280

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 1.8EPSS 0.3%KEV nãoPoC —Patch —

Lifecycle

16 Oct 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

Affected products

OpenText · OpenText Application Automation Tools

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.microfocus.com/s/article/KM000033543?language=en_US