cve-2024-10863
Vulnerability from cvelistv5
Published
2024-11-22 15:36
Modified
2024-11-22 15:36
Severity ?
EPSS score ?
Summary
Client-side audit exclusion vulnerability
References
Impacted products
▼ | Vendor | Product |
---|---|---|
OpenText | Secure Content Manager |
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Windows" ], "product": "Secure Content Manager", "vendor": "OpenText", "versions": [ { "lessThan": "\u003c24.4", "status": "affected", "version": "10.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Evan Pearce of CyberCX" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.\u003cp\u003eThis issue affects Secure Content Manager: from 10.1 before \u0026lt;24.4.\u003c/p\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before \u003c24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side." } ], "impacts": [ { "capecId": "CAPEC-268", "descriptions": [ { "lang": "en", "value": "CAPEC-268 Audit Log Manipulation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-778", "description": "CWE-778: Insufficient Logging", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T15:36:39.075Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText" }, "references": [ { "url": "https://portal.microfocus.com/s/article/KM000036389?" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\u003cbr\u003e\u003cbr\u003eApply the following patch builds in your data center.\u003cbr\u003e\u003cbr\u003eSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\u003cbr\u003eSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\u003cbr\u003eSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\u003cbr\u003eSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185\u003cbr\u003e\u003cbr\u003e" } ], "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\n\nApply the following patch builds in your data center.\n\nSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\nSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\nSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\nSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185" } ], "source": { "discovery": "EXTERNAL" }, "title": "Client-side audit exclusion vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "OpenText", "cveId": "CVE-2024-10863", "datePublished": "2024-11-22T15:36:39.075Z", "dateReserved": "2024-11-05T14:11:06.490Z", "dateUpdated": "2024-11-22T15:36:39.075Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-10863\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2024-11-22T16:15:21.257\",\"lastModified\":\"2024-11-22T16:15:21.257\",\"vulnStatus\":\"Received\",\"descriptions\":[{\"lang\":\"en\",\"value\":\": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before \u003c24.4.\\n\\n\\n\\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"NONE\",\"vulnerableSystemIntegrity\":\"LOW\",\"vulnerableSystemAvailability\":\"NONE\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-778\"}]}],\"references\":[{\"url\":\"https://portal.microfocus.com/s/article/KM000036389?\",\"source\":\"security@opentext.com\"}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.