CVE-2024-5532 LOW

CVE-2024-5532: A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).

Vendor Opentext™

Product Operations Agent

Weakness CWE-79 · XSS

Published October 28, 2024

Last update October 29, 2024

View on NVD All CVEs

CVSS base score

1.8/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.

Key dates

02Disclosure timeline

October 28, 2024 CVE published

October 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5532 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2024-5532

CWE CWE-79

CVSS 1.8 / LOW

Affected versions

Vendor Opentext™

Product Operations Agent

Affected 12.20

Vendor Opentext™

Product Operations Agent

Affected 12.21

Vendor Opentext™

Product Operations Agent

Affected 12.22

Vendor Opentext™

Product Operations Agent

Affected 12.23

Vendor Opentext™

Product Operations Agent

Affected 12.24

Vendor Opentext™

Product Operations Agent

Affected 12.25

Vendor Opentext™

Product Operations Agent

Affected 12.26

CVE-2024-5532: A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).

01Description

02Disclosure timeline

03References

04Related CVE