CVE-2024-4189

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://portal.microfocus.com/s/article/KM000033547?language=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*

History

21 Oct 2024, 14:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:microfocus:application_automation_tools::::::jenkins::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.0
References	~~() https://portal.microfocus.com/s/article/KM000033547?language=en_US -~~	() https://portal.microfocus.com/s/article/KM000033547?language=en_US - Vendor Advisory
First Time		Microfocus application Automation Tools Microfocus

18 Oct 2024, 12:53

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de restricción incorrecta de referencia de entidad externa XML en OpenText Application Automation Tools permite la inyección de DTD. Este problema afecta a OpenText Application Automation Tools: 24.1.0 y anteriores.

16 Oct 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-16 17:15

Updated : 2024-10-21 14:08

NVD link : CVE-2024-4189

Mitre link : CVE-2024-4189

CVE.ORG link : CVE-2024-4189

JSON object : View

Products Affected

microfocus

application_automation_tools

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2024-4189", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"safety": "NEGLIGIBLE", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 5.9, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-10-16T17:15:17.493", "references": [{"url": "https://portal.microfocus.com/s/article/KM000033547?language=en_US", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below."}, {"lang": "es", "value": "La vulnerabilidad de restricci\u00f3n incorrecta de referencia de entidad externa XML en OpenText Application Automation Tools permite la inyecci\u00f3n de DTD. Este problema afecta a OpenText Application Automation Tools: 24.1.0 y anteriores."}], "lastModified": "2024-10-21T14:08:57.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "81346F30-B1A1-4A05-8706-ACED99564F09", "versionEndIncluding": "24.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}

8.0 /10