CVE-2024-10923

Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management.

Severity Score

8.6

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack.

This issue affects ALM Octane Management: from 16.2.100 through 24.4.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

Low

Integrity

High

Low

Availability

High

Low

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

Low

Integrity

High

Low

Availability

High

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-11-06 CVE Reserved
2024-11-12 CVE Published
2024-11-13 CVE Updated
2024-11-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

CAPEC-592: Stored XSS

References (1)

URL	Tag	Source
https://portal.microfocus.com/s/article/KM000036146?language=en_US

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
OpenText™ Search vendor "OpenText™"		ALM Octane Management Search vendor "OpenText™" for product "ALM Octane Management"				>= 16.2.100 <= 24.4 Search vendor "OpenText™" for product "ALM Octane Management" and version " >= 16.2.100 <= 24.4"		en		Affected