
CVE-2024-4692 – Multiple missing permission checks
https://notcve.org/view.php?id=CVE-2024-4692
16 Oct 2024 — Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below. V... • https://portal.microfocus.com/s/article/KM000033546?language=en_US • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2024-4690 – Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4690
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033548?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-4211 – Multiple missing permission checks
https://notcve.org/view.php?id=CVE-2024-4211
16 Oct 2024 — Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automatio... • https://portal.microfocus.com/s/article/KM000033543?language=en_US • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVE-2024-4189 – Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4189
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033547?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2024-4184 – Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4184
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033540?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2021-22503 – Improper Neutralization of Input During Web Page Generation Vulnerability
https://notcve.org/view.php?id=CVE-2021-22503
12 Sep 2024 — Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. • https://www.netiq.com/documentation/edirectory-92/edirectory924_releasenotes/data/edirectory924_releasenotes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-22532 – Possible NLDAP Denial of Service attack Vulnerability
https://notcve.org/view.php?id=CVE-2021-22532
12 Sep 2024 — Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. • https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2021-22533 – Possible Insertion of Sensitive Information into Log File Vulnerability
https://notcve.org/view.php?id=CVE-2021-22533
12 Sep 2024 — Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. • https://www.netiq.com/documentation/edirectory-92/edirectory925_releasenotes/data/edirectory925_releasenotes.html • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2021-22509 – Handling of sensitive data in process memory in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22509
28 Aug 2024 — A vulnerability was identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-312: Cleartext Storage of Sensitive Information •

CVE-2021-22529 – Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication
https://notcve.org/view.php?id=CVE-2021-22529
28 Aug 2024 — A vulnerability was identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication versions before 6.3.5.1. • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •