CVE-2024-4691

medium

Description

OpenText Application Automation Tools Plugin 24.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate ALM jobs configurations, ALM Octane configurations and Service Virtualization configurations. OpenText Application Automation Tools Plugin 24.1.1-beta requires Item/Configure permission to enumerate ALM jobs configurations, ALM Octane configurations and Service Virtualization configurations. The fix is currently available only as a beta release. Beta releases will not appear in the regular update center but can be found in the experimental update center. For more information on how to install a beta release, see this documentation.

Details

Source: Mitre, NVD

Published: 2024-05-24

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium