Improper Restriction of XML External Entity Reference in OpenText Application Automation Tools
CVE-2024-4690

8HIGH

Key Information:

Vendor: Microfocus
Status: Application Automation Tools
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-4690?

The vulnerability presents an improper restriction scenario concerning XML External Entity (XXE) references within OpenText Application Automation Tools. This issue enables the potential for DTD Injection, permitting attackers to exploit the application's handling of XML files. Such exploitation can lead to unauthorized access to sensitive information or system manipulation. The affected versions are 24.1.0 and earlier, necessitating immediate attention for organizations utilizing these tools to ensure their systems are secure against potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://portal.microfocus.com/s/article/KM000033548?langu...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024

JSON

Microfocus

What is CVE-2024-4690?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.