Search criteria
18 vulnerabilities found for operations_agent by microfocus
FKIE_CVE-2024-5532
Vulnerability from fkie_nvd - Published: 2024-10-28 19:15 - Updated: 2025-10-14 18:07
Severity ?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
References
| URL | Tags | ||
|---|---|---|---|
| security@opentext.com | https://portal.microfocus.com/s/article/KM000035731?language=en_US | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC1C8DC9-5DBB-494A-9971-BE1E6E83FD01",
"versionEndIncluding": "12.26",
"versionStartIncluding": "12.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u00a0\n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o \"Cross-site Scripting\") en OpenText\u2122 Operations Agent. La vulnerabilidad XSS podr\u00eda permitir que un atacante con permisos de administrador local manipule el contenido de la p\u00e1gina de estado interna del agente en el sistema local. Este problema afecta a Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
}
],
"id": "CVE-2024-5532",
"lastModified": "2025-10-14T18:07:12.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2024-10-28T19:15:15.010",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000035731?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-0622
Vulnerability from fkie_nvd - Published: 2024-02-15 21:15 - Updated: 2025-01-23 16:52
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | * | |
| microfocus | operations_agent | 12.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60CE247E-60E8-4397-A847-5B0701406D54",
"versionEndIncluding": "12.25",
"versionStartIncluding": "12.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.15:*:*:*:*:*:*:*",
"matchCriteriaId": "973DFAB3-05AE-49A0-917B-ADAD9C296322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de escalada de privilegios local afecta las versiones 12.15 y 12.20-12.25 del producto OpenText Operations Agent cuando se instala en plataformas que no son Windows. La vulnerabilidad podr\u00eda permitir una escalada de privilegios locales."
}
],
"id": "CVE-2024-0622",
"lastModified": "2025-01-23T16:52:07.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@opentext.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-15T21:15:08.860",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@opentext.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-38129
Vulnerability from fkie_nvd - Published: 2022-01-25 20:15 - Updated: 2024-11-21 06:16
Severity ?
Summary
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD51AA8-8F52-42CD-B025-68AA8D6752DC",
"versionEndIncluding": "12.21",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios en Micro Focus en Micro Focus Operations Agent, afectando a versiones 12.x hasta 12.21 incluy\u00e9ndola. La vulnerabilidad podr\u00eda ser aprovechada por un usuario local no privilegiado para acceder a los datos de supervisi\u00f3n del sistema recopilados por Operations Agent"
}
],
"id": "CVE-2021-38129",
"lastModified": "2024-11-21T06:16:26.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T20:15:08.243",
"references": [
{
"source": "security@opentext.com",
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22505
Vulnerability from fkie_nvd - Published: 2021-04-13 14:15 - Updated: 2024-11-21 05:50
Severity ?
Summary
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | 12.0 | |
| microfocus | operations_agent | 12.01 | |
| microfocus | operations_agent | 12.02 | |
| microfocus | operations_agent | 12.03 | |
| microfocus | operations_agent | 12.04 | |
| microfocus | operations_agent | 12.05 | |
| microfocus | operations_agent | 12.06 | |
| microfocus | operations_agent | 12.10 | |
| microfocus | operations_agent | 12.11 | |
| microfocus | operations_agent | 12.12 | |
| microfocus | operations_agent | 12.14 | |
| microfocus | operations_agent | 12.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B386C147-D89B-45C2-9C68-545C1102F519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21863B-4079-44B7-9E77-AEF2ACFEE866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.02:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB70185-D717-4CCD-96D7-D87DB0B26D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.03:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAEA425-6775-422A-810F-34148C0568D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.04:*:*:*:*:*:*:*",
"matchCriteriaId": "36D8E42D-76B8-44F1-9D5E-1E028856048B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.05:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE2D00B-25CF-46C5-9A59-7288D027FF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.06:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AF06A9-7934-49E4-BA84-4060F069FE12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E8620F-E030-4A29-9630-E52FE9F8CBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCB40C1-168E-41AE-B346-C3579ECCE8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.12:*:*:*:*:*:*:*",
"matchCriteriaId": "89DB61A8-FE89-46FA-AE38-65B79998BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B55488BF-8BF0-489C-8FEF-2B68F5964B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.15:*:*:*:*:*:*:*",
"matchCriteriaId": "973DFAB3-05AE-49A0-917B-ADAD9C296322",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios en Micro Focus Operations Agent afecta a versiones 12.0x, 12.10, 12.11, 12.12, 12.14 y 12.15.\u0026#xa0;La vulnerabilidad podr\u00eda ser explotada para escalar privilegios y ejecutar c\u00f3digo bajo la cuenta del Operations Agent"
}
],
"id": "CVE-2021-22505",
"lastModified": "2024-11-21T05:50:14.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-13T14:15:13.833",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-11861
Vulnerability from fkie_nvd - Published: 2020-09-18 21:15 - Updated: 2024-11-21 04:58
Severity ?
Summary
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B4CDB5-C8D9-4A91-8B6A-179AAF236F1F",
"versionEndIncluding": "12.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios local no autorizada en Micro Focus Operation Agent, que afecta a todas las versiones anteriores a la versi\u00f3n 12.11.\u0026#xa0;La vulnerabilidad podr\u00eda ser explotada para escalar los privilegios locales y conseguir acceso root en el sistema"
}
],
"id": "CVE-2020-11861",
"lastModified": "2024-11-21T04:58:46.413",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-18T21:15:12.530",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17085
Vulnerability from fkie_nvd - Published: 2019-11-18 21:15 - Updated: 2024-11-21 04:31
Severity ?
Summary
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | operations_agent | 12.0 | |
| microfocus | operations_agent | 12.01 | |
| microfocus | operations_agent | 12.02 | |
| microfocus | operations_agent | 12.03 | |
| microfocus | operations_agent | 12.04 | |
| microfocus | operations_agent | 12.05 | |
| microfocus | operations_agent | 12.06 | |
| microfocus | operations_agent | 12.10 | |
| microfocus | operations_agent | 12.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B386C147-D89B-45C2-9C68-545C1102F519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.01:*:*:*:*:*:*:*",
"matchCriteriaId": "1A21863B-4079-44B7-9E77-AEF2ACFEE866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.02:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB70185-D717-4CCD-96D7-D87DB0B26D23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.03:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAEA425-6775-422A-810F-34148C0568D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.04:*:*:*:*:*:*:*",
"matchCriteriaId": "36D8E42D-76B8-44F1-9D5E-1E028856048B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.05:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE2D00B-25CF-46C5-9A59-7288D027FF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.06:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AF06A9-7934-49E4-BA84-4060F069FE12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "71E8620F-E030-4A29-9630-E52FE9F8CBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:operations_agent:12.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCB40C1-168E-41AE-B346-C3579ECCE8B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ataque XXE en Micro Focus Operations Agent, versiones afectada 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. La vulnerabilidad podr\u00eda ser explotada para llevar a cabo un ataque de tipo XXE sobre Operations Agent."
}
],
"id": "CVE-2019-17085",
"lastModified": "2024-11-21T04:31:39.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-18T21:15:12.370",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-5532 (GCVE-0-2024-5532)
Vulnerability from cvelistv5 – Published: 2024-10-28 18:52 – Updated: 2024-10-29 13:31
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Operations Agent |
Affected:
12.20
Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 Affected: 12.26 |
Credits
Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:31:31.206658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:31:42.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operations Agent",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
},
{
"status": "affected",
"version": "12.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u00a0\n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:52:59.971Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000035731?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000035731?language=en_US\"\u003eOpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "OpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered. https://portal.microfocus.com/s/article/KM000035731"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stored XSS vulnerability has been discovered on OpenText\u2122 Operations Agent (OA).",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-5532",
"datePublished": "2024-10-28T18:52:59.971Z",
"dateReserved": "2024-05-30T13:49:13.383Z",
"dateUpdated": "2024-10-29T13:31:42.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0622 (GCVE-0-2024-0622)
Vulnerability from cvelistv5 – Published: 2024-02-15 20:58 – Updated: 2024-08-23 19:22
VLAI?
Summary
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| opentext | Operations Agent |
Affected:
12.15
Affected: 12.20 Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "operations_agent",
"vendor": "microfocus",
"versions": [
{
"status": "affected",
"version": "12.15"
},
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T19:28:21.722838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T19:22:56.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Non-Windows"
],
"product": "Operations Agent ",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "12.15"
},
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation vulnerability\u003c/span\u003e\u0026nbsp;affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u0026nbsp;could allow local privilege escalation.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T15:50:33.307Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026555?language=en_US\"\u003eSUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com)\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com) https://portal.microfocus.com/s/article/KM000026555 \n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms. ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-0622",
"datePublished": "2024-02-15T20:58:36.501Z",
"dateReserved": "2024-01-16T19:09:28.101Z",
"dateUpdated": "2024-08-23T19:22:56.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38129 (GCVE-0-2021-38129)
Vulnerability from cvelistv5 – Published: 2022-01-25 19:11 – Updated: 2024-08-04 01:30
VLAI?
Summary
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.
Severity ?
No CVSS data available.
CWE
- Escalation of privileges.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Operations Agent. |
Affected:
Micro Focus Operations Agent Versions 12.x up to and including 12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Operations Agent.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Operations Agent.",
"version": {
"version_data": [
{
"version_value": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003539?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38129",
"datePublished": "2022-01-25T19:11:07",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22505 (GCVE-0-2021-22505)
Vulnerability from cvelistv5 – Published: 2021-04-13 13:54 – Updated: 2024-08-03 18:44
VLAI?
Summary
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
Severity ?
No CVSS data available.
CWE
- Escalation of privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Operations Agent |
Affected:
12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T13:54:27",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03792442",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22505",
"datePublished": "2021-04-13T13:54:27",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11861 (GCVE-0-2020-11861)
Vulnerability from cvelistv5 – Published: 2020-09-18 20:07 – Updated: 2024-08-04 11:42
VLAI?
Summary
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.
Severity ?
No CVSS data available.
CWE
- Unauthorized escalation of local privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Operations Agent |
Affected:
All version prior to 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior to 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized escalation of local privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "All version prior to 12.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized escalation of local privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03709900",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11861",
"datePublished": "2020-09-18T20:07:34",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17085 (GCVE-0-2019-17085)
Vulnerability from cvelistv5 – Published: 2019-11-18 20:16 – Updated: 2024-08-05 01:33
VLAI?
Summary
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Severity ?
No CVSS data available.
CWE
- XXE attack
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Operations Agent |
Affected:
12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03556426",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17085",
"datePublished": "2019-11-18T20:16:28",
"dateReserved": "2019-10-02T00:00:00",
"dateUpdated": "2024-08-05T01:33:16.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5532 (GCVE-0-2024-5532)
Vulnerability from nvd – Published: 2024-10-28 18:52 – Updated: 2024-10-29 13:31
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Operations Agent |
Affected:
12.20
Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 Affected: 12.26 |
Credits
Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:31:31.206658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:31:42.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Operations Agent",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
},
{
"status": "affected",
"version": "12.26"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \u003c/span\u003e\n\n\u003cp\u003eThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Operations Agent.\u00a0\n\nThe XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. \n\nThis issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T18:52:59.971Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000035731?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000035731?language=en_US\"\u003eOpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "OpenText\u2122 Operations Agent (OA) Security Bulletin - A low severity stored XSS vulnerability has been discovered. https://portal.microfocus.com/s/article/KM000035731"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A stored XSS vulnerability has been discovered on OpenText\u2122 Operations Agent (OA).",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-5532",
"datePublished": "2024-10-28T18:52:59.971Z",
"dateReserved": "2024-05-30T13:49:13.383Z",
"dateUpdated": "2024-10-29T13:31:42.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0622 (GCVE-0-2024-0622)
Vulnerability from nvd – Published: 2024-02-15 20:58 – Updated: 2024-08-23 19:22
VLAI?
Summary
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| opentext | Operations Agent |
Affected:
12.15
Affected: 12.20 Affected: 12.21 Affected: 12.22 Affected: 12.23 Affected: 12.24 Affected: 12.25 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:11:35.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "operations_agent",
"vendor": "microfocus",
"versions": [
{
"status": "affected",
"version": "12.15"
},
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T19:28:21.722838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T19:22:56.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Non-Windows"
],
"product": "Operations Agent ",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "12.15"
},
{
"status": "affected",
"version": "12.20"
},
{
"status": "affected",
"version": "12.21"
},
{
"status": "affected",
"version": "12.22"
},
{
"status": "affected",
"version": "12.23"
},
{
"status": "affected",
"version": "12.24"
},
{
"status": "affected",
"version": "12.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eLocal privilege escalation vulnerability\u003c/span\u003e\u0026nbsp;affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u0026nbsp;could allow local privilege escalation.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-20T15:50:33.307Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026555?language=en_US\"\u003eSUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com)\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com) https://portal.microfocus.com/s/article/KM000026555 \n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms. ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-0622",
"datePublished": "2024-02-15T20:58:36.501Z",
"dateReserved": "2024-01-16T19:09:28.101Z",
"dateUpdated": "2024-08-23T19:22:56.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38129 (GCVE-0-2021-38129)
Vulnerability from nvd – Published: 2022-01-25 19:11 – Updated: 2024-08-04 01:30
VLAI?
Summary
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.
Severity ?
No CVSS data available.
CWE
- Escalation of privileges.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Operations Agent. |
Affected:
Micro Focus Operations Agent Versions 12.x up to and including 12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Operations Agent.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Operations Agent.",
"version": {
"version_data": [
{
"version_value": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003539?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38129",
"datePublished": "2022-01-25T19:11:07",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22505 (GCVE-0-2021-22505)
Vulnerability from nvd – Published: 2021-04-13 13:54 – Updated: 2024-08-03 18:44
VLAI?
Summary
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
Severity ?
No CVSS data available.
CWE
- Escalation of privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Operations Agent |
Affected:
12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T13:54:27",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03792442",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03792442"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22505",
"datePublished": "2021-04-13T13:54:27",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11861 (GCVE-0-2020-11861)
Vulnerability from nvd – Published: 2020-09-18 20:07 – Updated: 2024-08-04 11:42
VLAI?
Summary
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.
Severity ?
No CVSS data available.
CWE
- Unauthorized escalation of local privileges
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Operations Agent |
Affected:
All version prior to 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior to 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized escalation of local privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "All version prior to 12.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized escalation of local privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03709900",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03709900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11861",
"datePublished": "2020-09-18T20:07:34",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17085 (GCVE-0-2019-17085)
Vulnerability from nvd – Published: 2019-11-18 20:16 – Updated: 2024-08-05 01:33
VLAI?
Summary
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Severity ?
No CVSS data available.
CWE
- XXE attack
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Operations Agent |
Affected:
12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03556426",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17085",
"datePublished": "2019-11-18T20:16:28",
"dateReserved": "2019-10-02T00:00:00",
"dateUpdated": "2024-08-05T01:33:16.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}