CVE-2024-4187 (GCVE-0-2024-4187)
Vulnerability from cvelistv5 – Published: 2024-07-31 20:28 – Updated: 2024-08-12 13:49
VLAI?
Summary
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.
Severity ?
CWE
- CWE-356 - Product UI does not Warn User of Unsafe Actions
Assigner
References
Credits
Dmytro Pravytskyi - AWARE7 GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:37:29.536130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:37:48.024Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Filr",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "24.1.1"
},
{
"status": "affected",
"version": "24.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmytro Pravytskyi - AWARE7 GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eStored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\u003c/span\u003e"
}
],
"value": "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:P/AU:N/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-356",
"description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T13:49:42.081Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000032291"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000032291\"\u003ehttps://portal.microfocus.com/s/article/KM000032291\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://portal.microfocus.com/s/article/KM000032291"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr. The vulnerability could cause users to not be warned when clicking links to external sites.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-4187",
"datePublished": "2024-07-31T20:28:22.578Z",
"dateReserved": "2024-04-25T14:38:55.973Z",
"dateUpdated": "2024-08-12T13:49:42.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opentext:filr:24.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F0872B0-D841-491D-8442-4DA5441EF1DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:opentext:filr:24.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55F710C5-B6B3-4D8E-8B0D-A9891DAF5650\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Stored XSS vulnerability has been discovered in OpenText\\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\"}, {\"lang\": \"es\", \"value\": \" Se descubri\\u00f3 una vulnerabilidad de XSS almacenado en el producto OpenText\\u2122 Filr, que afecta a las versiones 24.1.1 y 24.2. La vulnerabilidad podr\\u00eda hacer que los usuarios no reciban advertencias al hacer clic en enlaces a sitios externos.\"}]",
"id": "CVE-2024-4187",
"lastModified": "2024-08-15T14:45:27.797",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:D/RE:L/U:Green\", \"baseScore\": 2.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"PASSIVE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"LOW\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"PRESENT\", \"automatable\": \"NO\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"DIFFUSE\", \"vulnerabilityResponseEffort\": \"LOW\", \"providerUrgency\": \"GREEN\"}}], \"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
"published": "2024-07-31T21:15:18.320",
"references": "[{\"url\": \"https://portal.microfocus.com/s/article/KM000032291\", \"source\": \"security@opentext.com\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-356\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4187\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2024-07-31T21:15:18.320\",\"lastModified\":\"2024-08-15T14:45:27.797\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\"},{\"lang\":\"es\",\"value\":\" Se descubri\u00f3 una vulnerabilidad de XSS almacenado en el producto OpenText\u2122 Filr, que afecta a las versiones 24.1.1 y 24.2. La vulnerabilidad podr\u00eda hacer que los usuarios no reciban advertencias al hacer clic en enlaces a sitios externos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:D/RE:L/U:Green\",\"baseScore\":2.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"PRESENT\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"LOW\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-356\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opentext:filr:24.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F0872B0-D841-491D-8442-4DA5441EF1DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opentext:filr:24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55F710C5-B6B3-4D8E-8B0D-A9891DAF5650\"}]}]}],\"references\":[{\"url\":\"https://portal.microfocus.com/s/article/KM000032291\",\"source\":\"security@opentext.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4187\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-01T19:37:29.536130Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-01T19:37:44.000Z\"}}], \"cna\": {\"title\": \"Stored XSS vulnerability has been discovered in OpenText\\u2122 Filr. The vulnerability could cause users to not be warned when clicking links to external sites.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dmytro Pravytskyi - AWARE7 GmbH\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 2.1, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:P/AU:N/V:D/RE:L/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenText\\u2122\", \"product\": \"Filr\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.1.1\"}, {\"status\": \"affected\", \"version\": \"24.2\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"https://portal.microfocus.com/s/article/KM000032291\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://portal.microfocus.com/s/article/KM000032291\\\"\u003ehttps://portal.microfocus.com/s/article/KM000032291\u003c/a\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://portal.microfocus.com/s/article/KM000032291\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Stored XSS vulnerability has been discovered in OpenText\\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eStored XSS vulnerability has been discovered in OpenText\\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-356\", \"description\": \"CWE-356: Product UI does not Warn User of Unsafe Actions\"}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2024-08-12T13:49:42.081Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4187\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-12T13:49:42.081Z\", \"dateReserved\": \"2024-04-25T14:38:55.973Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2024-07-31T20:28:22.578Z\", \"assignerShortName\": \"OpenText\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…