Cross-Site Scripting Vulnerability in OpenText Solutions Business Manager
CVE-2024-7085

8.2HIGH

Key Information:

Vendor: Opentext™
Status: Solutions Business Manager (sbm)
Vendor: CVE Published:; 15 January 2025

Summary

An XSS vulnerability exists in OpenText Solutions Business Manager (SBM) that allows attackers to perform stored cross-site scripting, potentially leading to unauthorized access to private information. This vulnerability highlights the risk of improper input neutralization during web page generation, enabling malicious actors to inject harmful scripts that can compromise user data and application integrity.

Affected Version(s)

Solutions Business Manager (SBM) 0 <= 12.2.1

References

https://portal.microfocus.com/s/article/KM000036201?langu...

CVSS V4

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jul 24, 2024

Credit

Wiktoria Lewandowska