
CVE-2024-4692 – Multiple missing permission checks
https://notcve.org/view.php?id=CVE-2024-4692
16 Oct 2024 — Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config have been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below. V... • https://portal.microfocus.com/s/article/KM000033546?language=en_US • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVE-2024-4690 – Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4690
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033548?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2024-4211 – Multiple missing permission checks
https://notcve.org/view.php?id=CVE-2024-4211
16 Oct 2024 — Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config have been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automatio... • https://portal.microfocus.com/s/article/KM000033543?language=en_US • CWE-280: Improper Handling of Insufficient Permissions or Privileges

CVE-2024-4189 – Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4189
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033547?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2024-4184 – Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools
https://notcve.org/view.php?id=CVE-2024-4184
16 Oct 2024 — Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below. • https://portal.microfocus.com/s/article/KM000033540?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2021-22512
https://notcve.org/view.php?id=CVE-2021-22512
08 Apr 2021 — Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2021-22511
https://notcve.org/view.php?id=CVE-2021-22511
08 Apr 2021 — Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditional disabling of SSL/TLS certificates. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2176 • CWE-295: Improper Certificate Validation

CVE-2021-22510
https://notcve.org/view.php?id=CVE-2021-22510
08 Apr 2021 — Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all versions 6.7 and earlier. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2175 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-22513
https://notcve.org/view.php?id=CVE-2021-22513
08 Apr 2021 — Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks. • https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-2132 • CWE-862: Missing Authorization