Search criteria
2 vulnerabilities found for Operations Agent by OpenText™
CVE-2024-5532 (GCVE-0-2024-5532)
Vulnerability from cvelistv5 – Published: 2024-10-28 18:52 – Updated: 2024-10-29 13:31
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Operations Agent |
Affected:
12.20
Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 Affected: 12.26 |
Credits
Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:31:31.206658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:31:42.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operations Agent",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
},
{
"status": "affected",
"version": "12.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u00a0\n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:52:59.971Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000035731?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000035731?language=en_US\"\u003eOpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "OpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered. https://portal.microfocus.com/s/article/KM000035731"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stored XSS vulnerability has been discovered on OpenText\u2122 Operations Agent (OA).",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-5532",
"datePublished": "2024-10-28T18:52:59.971Z",
"dateReserved": "2024-05-30T13:49:13.383Z",
"dateUpdated": "2024-10-29T13:31:42.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5532 (GCVE-0-2024-5532)
Vulnerability from nvd – Published: 2024-10-28 18:52 – Updated: 2024-10-29 13:31
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Operations Agent |
Affected:
12.20
Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 Affected: 12.26 |
Credits
Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:31:31.206658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:31:42.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operations Agent",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
},
{
"status": "affected",
"version": "12.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u00a0\n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:52:59.971Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000035731?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000035731?language=en_US\"\u003eOpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "OpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered. https://portal.microfocus.com/s/article/KM000035731"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stored XSS vulnerability has been discovered on OpenText\u2122 Operations Agent (OA).",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-5532",
"datePublished": "2024-10-28T18:52:59.971Z",
"dateReserved": "2024-05-30T13:49:13.383Z",
"dateUpdated": "2024-10-29T13:31:42.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}