CVE-2024-4692

Multiple missing permission checks

CVSS 1.8 LOWEPSS 0.3%CWE-280

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 1.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Oct 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

Affected products

OpenText · OpenText Application Automation Tools

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.microfocus.com/s/article/KM000033546?language=en_US