CVE-2024-4692

LOW

OpenText Application Automation Tools <24.1 - Privilege Escalation

Title source: llm

Description

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

References (1)

[Vendor Advisory] https://portal.microfocus.com/s/article/KM000033546?language=en_US

Scores

CVSS v3 2.4

EPSS 0.0016

EPSS Percentile 36.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Classification

CWE

CWE-280

Status published

Affected Products (1)

microfocus/application_automation_tools < 24.1.0

Timeline

Published Oct 16, 2024

Tracked Since Feb 18, 2026