Improper Restriction of XML External Entity Reference in OpenText Application Automation Tools
CVE-2024-4690

8HIGH

Key Information:

Vendor: Microfocus
Status: Application Automation Tools
Vendor: CVE Published:; 16 October 2024

What is CVE-2024-4690?

The vulnerability presents an improper restriction scenario concerning XML External Entity (XXE) references within OpenText Application Automation Tools. This issue enables the potential for DTD Injection, permitting attackers to exploit the application's handling of XML files. Such exploitation can lead to unauthorized access to sensitive information or system manipulation. The affected versions are 24.1.0 and earlier, necessitating immediate attention for organizations utilizing these tools to ensure their systems are secure against potential threats.

References

https://portal.microfocus.com/s/article/KM000033548?langu...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2024

Microfocus

What is CVE-2024-4690?

References

CVSS V3.1

Timeline