All the vulnerabilites related to OpenText - Secure Content Manager
cve-2024-10863
Vulnerability from cvelistv5
Published
2024-11-22 15:36
Modified
2024-11-22 15:36
Severity ?
EPSS score ?
Summary
Client-side audit exclusion vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| OpenText | Secure Content Manager |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Secure Content Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c24.4",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Evan Pearce of CyberCX"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.\u003cp\u003eThis issue affects Secure Content Manager: from 10.1 before \u0026lt;24.4.\u003c/p\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before \u003c24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side."
}
],
"impacts": [
{
"capecId": "CAPEC-268",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-268 Audit Log Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-778",
"description": "CWE-778: Insufficient Logging",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:36:39.075Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000036389?"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\u003cbr\u003e\u003cbr\u003eApply the following patch builds in your data center.\u003cbr\u003e\u003cbr\u003eSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\u003cbr\u003eSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\u003cbr\u003eSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\u003cbr\u003eSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\n\nApply the following patch builds in your data center.\n\nSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\nSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\nSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\nSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Client-side audit exclusion vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-10863",
"datePublished": "2024-11-22T15:36:39.075Z",
"dateReserved": "2024-11-05T14:11:06.490Z",
"dateUpdated": "2024-11-22T15:36:39.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1973
Vulnerability from cvelistv5
Published
2024-03-25 21:27
Modified
2024-08-06 13:35
Severity ?
EPSS score ?
Summary
Elevation of privileges vulnerability
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| OpenText | Secure Content Manager |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000027861"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opentext:secure_content_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_content_manager",
"vendor": "opentext",
"versions": [
{
"lessThanOrEqual": "23.4",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:32:31.130841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:35:36.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Secure Content Manager",
"vendor": "OpenText",
"versions": [
{
"lessThan": "\u003c=23.4",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Evan Pearce of CyberCX"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. "
}
],
"value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. "
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-25T21:27:43.774Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000027861"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the following patch builds in your data center.\u003cbr\u003e\u003cbr\u003eSecure Content Manager 23.4 Patch 1: PH_215013 - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1566945\"\u003eContent Manager 23.4 Patch 1 Build 111\u003c/a\u003e\u003cbr\u003eSecure Content Manager 23.3 Patch 1: PH_215044 - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1567049\"\u003eContent Manager 23.3 Patch 1 Build 434\u003c/a\u003e\u003cbr\u003eSecure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054\u003cbr\u003eSecure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Apply the following patch builds in your data center.\n\nSecure Content Manager 23.4 Patch 1: PH_215013 - Content Manager 23.4 Patch 1 Build 111 https://kmviewer.saas.microfocus.com/#/1566945 \nSecure Content Manager 23.3 Patch 1: PH_215044 - Content Manager 23.3 Patch 1 Build 434 https://kmviewer.saas.microfocus.com/#/1567049 \nSecure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054\nSecure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Elevation of privileges vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-1973",
"datePublished": "2024-03-25T21:27:43.774Z",
"dateReserved": "2024-02-28T15:31:04.998Z",
"dateUpdated": "2024-08-06T13:35:36.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}