Potential Bypass of Authentication and File Uploading Vulnerability in OpenText PVCS Version Manager
CVE-2024-1148

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Pvcs Version Manager
Vendor: CVE Published:; 21 March 2024

Summary

A vulnerability identified in OpenText PVCS Version Manager exposes a weakness in its access control system, permitting attackers to potentially bypass authentication mechanisms. This flaw enables unauthorized users to upload files, which could lead to significant security risks including data breaches and system exploitation. Organizations utilizing this product are advised to assess their security posture and implement necessary safeguards to mitigate these risks effectively.

Affected Version(s)

PVCS Version Manager 0 < 8.6.3.3

References

https://portal.microfocus.com/s/article/KM000026669

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Feb 1, 2024