Lucene search

OpenTextCVE-2024-1470

HistoryFeb 29, 2024 - 1:43 a.m.

CVE-2024-1470

2024-02-2901:43:51

CWE-639

OpenText

web.nvd.nist.gov

cve-2024-1470

authorization bypass

netiq

opentext

windows

privilege escalation

code injection

nvd

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue

only

affects NetIQ Client Login Extension: 4.6.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "NetIQ Client Login Extension",
    "vendor": "OpenText",
    "versions": [
      {
        "status": "affected",
        "version": "4.6"
      }
    ]
  }
]

References

portal.microfocus.com/s/article/KM000026667?language=en_US

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-1470