Lucene search

OpenTextVULNRICHMENT:CVE-2024-6361

HistoryAug 05, 2024 - 6:22 p.m.

CVE-2024-6361 Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.

2024-08-0518:22:14

CWE-79

OpenText

github.com

opentext alm octane

xss

cve-2024-6361

remote code execution

version 23.4

CVSS4

7.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N/S:N/AU:N/U:Red/R:A/V:C/RE:M

AI Score

7.6

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.

CNA Affected

[
  {
    "vendor": "OpenText™",
    "product": "ALM Octane.",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "23.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*"
    ],
    "vendor": "opentext",
    "product": "alm_octane",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "23.4",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

portal.microfocus.com/s/article/KM000032605?language=en_US