Vulnerabilities > CVE-2024-4211 - Unspecified vulnerability in Microfocus Application Automation Tools

CVSS 2.4 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microfocus

NVD

Published: 2024-10-16

Updated: 2024-10-21

Summary

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

Vulnerable Configurations

Part	Description	Count
Application	Microfocus Microfocus Application Automation Tools 1.0 Microfocus Application Automation Tools 1.0.2 Microfocus Application Automation Tools 2.0.0 Microfocus Application Automation Tools 2.0.2 Microfocus Application Automation Tools 3.0.5 Microfocus Application Automation Tools 3.0.6 Microfocus Application Automation Tools 3.0.7 Microfocus Application Automation Tools 4.0 Microfocus Application Automation Tools 4.0.1 Microfocus Application Automation Tools 4.5.0 Microfocus Application Automation Tools 5.0 Microfocus Application Automation Tools 5.1 Microfocus Application Automation Tools 5.2 Microfocus Application Automation Tools 5.3 Microfocus Application Automation Tools 5.4 Microfocus Application Automation Tools 5.5 Microfocus Application Automation Tools 5.6.1	17

References

https://portal.microfocus.com/s/article/KM000033543?language=en_US