1938 matches found

Cvelist
added 2024/10/16 4:41 p.m. · 16 views

CVE-2024-4690 Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.1 · EPSS 0.00114
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/16 4:41 p.m. · 10 views

CVE-2024-4690 Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.1 · AI score 7.2 · EPSS 0.00114
Exploits: 0 · References: 1
CVE
added 2024/10/16 4:41 p.m. · 50 views

CVE-2024-4690

CVE-2024-4690 affects the OpenText Application Automation Tools Plugin for Jenkins (versions 24.1.0 and earlier). The root cause is improper configuration of XML parsers, enabling XML external entity (XXE) attacks and DTD Injection when processing input files for build steps. Reported impact incl...

CVSS 8 · AI score 7.9 · EPSS 0.00114
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2024/10/16 4:41 p.m. · 55 views

CVE-2024-4211

CVE-2024-4211 affects OpenText Application Automation Tools (v24.1.0 and below). Root cause: improper validation of input quantity coupled with multiple missing permission checks in ALM job configuration. Impact: users with Overall/Read permission could enumerate ALM server names, usernames and c...

CVSS 2.4 · AI score 4.8 · EPSS 0.0016
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/10/16 4:41 p.m. · 11 views

CVE-2024-4211 Multiple missing permission checks

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...

CVSS 1.8 · AI score 7 · EPSS 0.0016
Exploits: 0 · References: 1
Cvelist
added 2024/10/16 4:41 p.m. · 12 views

CVE-2024-4211 Multiple missing permission checks

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation...

CVSS 1.8 · EPSS 0.0016
Exploits: 0 · References: 1
CVE
added 2024/10/16 4:41 p.m. · 42 views

CVE-2024-4189

CVE-2024-4189 affects OpenText Application Automation Tools (version 24.1.0 and earlier). The issue is an XML External Entity (XXE) / DTD Injection caused by an improper restriction on external entities in the tool’s XML parsing, leading to potential compromise of confidentiality, integrity, and ...

CVSS 8 · AI score 7.9 · EPSS 0.00135
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/10/16 4:41 p.m. · 16 views

CVE-2024-4189 Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.9 · EPSS 0.00135
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/16 4:41 p.m. · 10 views

CVE-2024-4189 Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.9 · AI score 7.2 · EPSS 0.00135
Exploits: 0 · References: 1
Cvelist
added 2024/10/16 4:41 p.m. · 17 views

CVE-2024-4184 Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.9 · EPSS 0.00135
Exploits: 0 · References: 1
Vulnrichment
added 2024/10/16 4:41 p.m. · 13 views

CVE-2024-4184 Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below...

CVSS 5.9 · AI score 7.2 · EPSS 0.00135
Exploits: 0 · References: 1
CVE
added 2024/10/16 4:41 p.m. · 51 views

CVE-2024-4184

OpenText Application Automation Tools plugin for Jenkins (versions 24.1.0 and earlier) is affected by CVE-2024-4184 due to improper restriction of XML external entity references, enabling DTD injection when parsing input files. Impact described as high in CVSS metrics; exploitation status is not ...

CVSS 8 · AI score 7.9 · EPSS 0.00135
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/10/16 4:28 p.m. · 15 views

CVE-2023-32266 Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management ALM,Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management ALM,Quality Center:...

CVSS 5.3 · AI score 7.1 · EPSS 0.00076
Exploits: 0 · References: 1
Cvelist
added 2024/10/16 4:28 p.m. · 15 views

CVE-2023-32266 Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management ALM,Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle Management ALM,Quality Center:...

CVSS 5.3 · EPSS 0.00076
Exploits: 0 · References: 1
CVE
added 2024/10/16 4:28 p.m. · 57 views

CVE-2023-32266

CVE-2023-32266 concerns an Untrusted Search Path vulnerability in OpenText OpenText ALM/Quality Center. Reports indicate a code inclusion flaw that lets a user archive a malicious DLL on the system before installation, affecting ALM/Quality Center versions 15.00, 15.01 (including P1–P5), 15.51 (i...

CVSS 5.3 · AI score 6.5 · EPSS 0.00076
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-32283 · Opentext · Opentext Application Automation Tools

Name of the Vulnerable Software and Affected Versions: OpenText Application Automation Tools versions 24.1.0 and below Description: The issue is related to improper validation of specified quantity in input, allowing exploitation of incorrectly configured access control security levels. Multiple...

CVSS 2.4 · AI score 7.4 · EPSS 0.0016
Exploits: 0 · References: 6
CNNVD
added 2024/10/16 12:0 a.m. · 1 views

OpenText Application Lifecycle Management Code Issue Vulnerability

OpenText Application Lifecycle Management OpenText ALM is an application lifecycle management from OpenText Canada. A code issue vulnerability exists in OpenText Application Lifecycle Management that originates from a code inclusion that allows a user to archive a malicious DLL into the system...

CVSS 5.3 · AI score 6.9 · EPSS 0.00076
Exploits: 0 · References: 2
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-32271 · Opentext · Opentext Application Automation Tools

Name of the Vulnerable Software and Affected Versions: OpenText Application Automation Tools versions 24.1.0 and below Description: The issue is related to an Improper Restriction of XML External Entity Reference vulnerability, which allows DTD Injection in OpenText Application Automation Tools...

CVSS 8 · AI score 7.5 · EPSS 0.00114
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/16 12:0 a.m. · 4 views

PT-2024-29749 · Opentext · Opentext Application Automation Tools

Name of the Vulnerable Software and Affected Versions: OpenText Application Automation Tools versions 24.1.0 and below Description: The issue is related to improper validation of specified quantity in input, allowing exploitation of incorrectly configured access control security levels. Multiple...

CVSS 2.4 · AI score 7.3 · EPSS 0.0016
Exploits: 0 · References: 5
NVD
added 2024/10/02 4:15 p.m. · 7 views

CVE-2024-6360

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23...

CVSS 9.8 · EPSS 0.00098
Exploits: 0 · References: 1