OpenText AT 24.1.0 and below Access Control Validation Flaw
CVE-2024-4211 Published on October 16, 2024
Multiple missing permission checks
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers.
This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Weakness Type
Improper Handling of Insufficient Permissions or Privileges
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the application in an invalid state.
Products Associated with CVE-2024-4211
Want to know whenever a new CVE is published for Micro Focus Application Automation Tools? stack.watch will email you.
Affected Versions
OpenText Application Automation Tools Version 24.1.0 and below is affected by CVE-2024-4211Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.