CVE-2024-4211 LOW

CVE-2024-4211: Multiple missing permission checks

Vendor Opentext
Product OpenText Application Automation Tools
Weakness CWE-280
Published October 16, 2024
Last update October 16, 2024

CVSS base score

1.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/RE:L/U:Clear

What the vulnerability does

01Description

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

Key dates

02Disclosure timeline

October 16, 2024 CVE published
October 16, 2024 Record updated