Lucene search

[email protected]CVE-2024-1973

HistoryMar 25, 2024 - 10:37 p.m.

CVE-2024-1973

2024-03-2522:37:19

CWE-269

[email protected]

web.nvd.nist.gov

cve-2024-1973

content manager

privilege escalation

vulnerability

unauthorized operations

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Secure Content Manager",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThan": "<=23.4",
        "status": "affected",
        "version": "10.0",
        "versionType": "custom"
      }
    ]
  }
]

References

portal.microfocus.com/s/article/KM000027861

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-1973

cvelist1 nvd1