CVE-2024-5532 – A stored XSS vulnerability has been discovered on OpenTextâ„¢ Operations Agent (OA).
https://notcve.org/view.php?id=CVE-2024-5532
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenTextâ„¢ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. • https://portal.microfocus.com/s/article/KM000035731?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0622 – Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms.
https://notcve.org/view.php?id=CVE-2024-0622
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. La vulnerabilidad de escalada de privilegios local afecta las versiones 12.15 y 12.20-12.25 del producto OpenText Operations Agent cuando se instala en plataformas que no son Windows. La vulnerabilidad podría permitir una escalada de privilegios locales. • https://portal.microfocus.com/s/article/KM000026555?language=en_US • CWE-269: Improper Privilege Management •