CVE-2024-4211

LOW

OpenText Application Automation Tools - Info Disclosure

Title source: llm

Description

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

References (1)

[Vendor Advisory] https://portal.microfocus.com/s/article/KM000033543?language=en_US

Scores

CVSS v3 2.4

EPSS 0.0016

EPSS Percentile 36.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-280

Status published

Products (1)

microfocus/application_automation_tools < 24.1.0

Published Oct 16, 2024

Tracked Since Feb 18, 2026