Vulnerabilities > CVE-2024-4692 - Unspecified vulnerability in Microfocus Application Automation Tools

CVSS 2.4 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microfocus

NVD

Published: 2024-10-16

Updated: 2024-10-21

Summary

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

Vulnerable Configurations

Part	Description	Count
Application	Microfocus Microfocus Application Automation Tools 1.0 Microfocus Application Automation Tools 1.0.2 Microfocus Application Automation Tools 2.0.0 Microfocus Application Automation Tools 2.0.2 Microfocus Application Automation Tools 3.0.5 Microfocus Application Automation Tools 3.0.6 Microfocus Application Automation Tools 3.0.7 Microfocus Application Automation Tools 4.0 Microfocus Application Automation Tools 4.0.1 Microfocus Application Automation Tools 4.5.0 Microfocus Application Automation Tools 5.0 Microfocus Application Automation Tools 5.1 Microfocus Application Automation Tools 5.2 Microfocus Application Automation Tools 5.3 Microfocus Application Automation Tools 5.4 Microfocus Application Automation Tools 5.5 Microfocus Application Automation Tools 5.6.1	17

References

https://portal.microfocus.com/s/article/KM000033546?language=en_US