CVE-2024-5532
A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA).
Severity Score
1.8
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
*Credits:
Marco Ventura, Claudia Bartolini, Massimiliano Brolli - TIM Group
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-30 CVE Reserved
- 2024-10-28 CVE Published
- 2024-10-29 CVE Updated
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-63: Cross-Site Scripting (XSS)
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.20 Search vendor "OpenText™" for product "Operations Agent" and version "12.20" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.21 Search vendor "OpenText™" for product "Operations Agent" and version "12.21" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.22 Search vendor "OpenText™" for product "Operations Agent" and version "12.22" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.23 Search vendor "OpenText™" for product "Operations Agent" and version "12.23" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.24 Search vendor "OpenText™" for product "Operations Agent" and version "12.24" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.25 Search vendor "OpenText™" for product "Operations Agent" and version "12.25" | en |
Affected
| ||||||
| OpenText™ Search vendor "OpenText™" | Operations Agent Search vendor "OpenText™" for product "Operations Agent" | 12.26 Search vendor "OpenText™" for product "Operations Agent" and version "12.26" | en |
Affected
| ||||||