DTD Injection Vulnerability Affects OpenText Application Automation Tools
CVE-2024-4189

8HIGH

Key Information:

Vendor

Microfocus
Status
Application Automation Tools
Vendor
CVE Published:
16 October 2024

What is CVE-2024-4189?

An improper restriction of XML external entity references vulnerability has been identified in OpenText Application Automation Tools, allowing for DTD injection attacks. This vulnerability compromises the security of applications built using the affected tools, enabling potential unauthorized access to sensitive data and system resources. Organizations using OpenText Application Automation Tools version 24.1.0 or earlier are urged to implement necessary security measures to mitigate risks associated with this vulnerability.

References

https://portal.microfocus.com/s/article/KM000033547?langu...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.