9 matches found
CVE-2021-22512
CVE-2021-22512 is a CSRF vulnerability in the Micro Focus Application Automation Tools Plugin for Jenkins (affected: 6.7 and earlier). The issue arises in form validation methods that do not perform permission checks, allowing an attacker with Overall/Read to access attacker-specified URLs using ...
CVE-2021-22511
CVE-2021-22511 affects Micro Focus Application Automation Tools Plugin for Jenkins (versions 6.7 and earlier). It is an improper certificate validation vulnerability where the plugin could unconditionally disable SSL/TLS certificate validation for connections to Service Virtualization servers. Ro...
CVE-2021-22510
CVE-2021-22510 affects the Micro Focus Application Automation Tools Plugin for Jenkins (plugin version 6.7 and earlier). The root cause is that user input is not escaped in a form validation response, leading to a Reflected XSS vulnerability. Several connected sources corroborate this issue and n...
CVE-2021-22513
CVE-2021-22513 affects the Micro Focus Application Automation Tools Plugin for Jenkins, version 6.7 and earlier. The root cause is missing authorization checks in form-validation methods, enabling attackers with Overall/Read permission to access attacker-specified ...
CVE-2024-4211
CVE-2024-4211 affects OpenText Application Automation Tools (v24.1.0 and below). Root cause: improper validation of input quantity coupled with multiple missing permission checks in ALM job configuration. Impact: users with Overall/Read permission could enumerate ALM server names, usernames and c...
CVE-2024-4692
CVE-2024-4692 affects OpenText Application Automation Tools (versions 24.1.0 and below). Root cause: improper validation of input quantity and multiple missing permission checks in the Service Virtualization configuration. Impact: could allow users with Overall/Read permission to enumerate Servic...
CVE-2024-4184
OpenText Application Automation Tools plugin for Jenkins (versions 24.1.0 and earlier) is affected by CVE-2024-4184 due to improper restriction of XML external entity references, enabling DTD injection when parsing input files. Impact is described as high in CVSS metrics; exploitation status is not ...
CVE-2024-4690
CVE-2024-4690 affects the OpenText Application Automation Tools Plugin for Jenkins (versions 24.1.0 and earlier). The root cause is improper configuration of XML parsers, enabling XML external entity (XXE) attacks and DTD Injection when processing input files for build steps. Reported impact incl...
CVE-2024-4189
CVE-2024-4189 affects OpenText Application Automation Tools (version 24.1.0 and earlier). The issue is an XML External Entity (XXE) / DTD Injection caused by an improper restriction on external entities in the tool’s XML parsing, leading to potential compromise of confidentiality, integrity, and ...