Lower-privileged users can manipulate clients to elevate privileges and perform unauthorized operations
CVE-2024-1973

8.5HIGH

Key Information:

Vendor: Opentext
Status: Secure Content Manager
Vendor: CVE Published:; 25 March 2024

Summary

A vulnerability in Micro Focus Content Manager allows lower-privileged users to exploit the system, potentially manipulating the clients to gain elevated privileges and execute unauthorized actions. This flaw poses a significant risk as it enables users without proper authorization to perform tasks that could compromise the integrity and security of the data handled by the application. Security measures should be prioritized to mitigate potential threats arising from this vulnerability.

Affected Version(s)

Secure Content Manager Windows 10.0

References

https://portal.microfocus.com/s/article/KM000027861

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 25, 2024
Vulnerability Reserved
Feb 28, 2024

Credit

Evan Pearce of CyberCX