2024-07-31 22:03:15 +00:00
{
"id" : "CVE-2024-4187" ,
"sourceIdentifier" : "security@opentext.com" ,
"published" : "2024-07-31T21:15:18.320" ,
2024-08-15 16:03:24 +00:00
"lastModified" : "2024-08-15T14:45:27.797" ,
"vulnStatus" : "Analyzed" ,
2024-07-31 22:03:15 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Stored XSS vulnerability has been discovered in OpenText\u2122 Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites."
2024-08-01 14:03:18 +00:00
} ,
{
"lang" : "es" ,
"value" : " Se descubri\u00f3 una vulnerabilidad de XSS almacenado en el producto OpenText\u2122 Filr, que afecta a las versiones 24.1.1 y 24.2. La vulnerabilidad podr\u00eda hacer que los usuarios no reciban advertencias al hacer clic en enlaces a sitios externos."
2024-07-31 22:03:15 +00:00
}
] ,
"metrics" : {
"cvssMetricV40" : [
{
"source" : "security@opentext.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "4.0" ,
"vectorString" : "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:X/V:D/RE:L/U:Green" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"attackRequirements" : "PRESENT" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "PASSIVE" ,
"vulnerableSystemConfidentiality" : "LOW" ,
"vulnerableSystemIntegrity" : "NONE" ,
"vulnerableSystemAvailability" : "NONE" ,
"subsequentSystemConfidentiality" : "LOW" ,
"subsequentSystemIntegrity" : "NONE" ,
"subsequentSystemAvailability" : "NONE" ,
"exploitMaturity" : "NOT_DEFINED" ,
"confidentialityRequirements" : "NOT_DEFINED" ,
"integrityRequirements" : "NOT_DEFINED" ,
"availabilityRequirements" : "NOT_DEFINED" ,
"modifiedAttackVector" : "NOT_DEFINED" ,
"modifiedAttackComplexity" : "NOT_DEFINED" ,
"modifiedAttackRequirements" : "NOT_DEFINED" ,
"modifiedPrivilegesRequired" : "NOT_DEFINED" ,
"modifiedUserInteraction" : "NOT_DEFINED" ,
"modifiedVulnerableSystemConfidentiality" : "NOT_DEFINED" ,
"modifiedVulnerableSystemIntegrity" : "NOT_DEFINED" ,
"modifiedVulnerableSystemAvailability" : "NOT_DEFINED" ,
"modifiedSubsequentSystemConfidentiality" : "NOT_DEFINED" ,
"modifiedSubsequentSystemIntegrity" : "NOT_DEFINED" ,
"modifiedSubsequentSystemAvailability" : "NOT_DEFINED" ,
"safety" : "PRESENT" ,
"automatable" : "NO" ,
"recovery" : "NOT_DEFINED" ,
"valueDensity" : "DIFFUSE" ,
"vulnerabilityResponseEffort" : "LOW" ,
"providerUrgency" : "GREEN" ,
"baseScore" : 2.1 ,
"baseSeverity" : "LOW"
}
}
2024-08-15 16:03:24 +00:00
] ,
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.4 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.3 ,
"impactScore" : 2.7
}
2024-07-31 22:03:15 +00:00
]
} ,
"weaknesses" : [
2024-08-15 16:03:24 +00:00
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
} ,
2024-07-31 22:03:15 +00:00
{
"source" : "security@opentext.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-356"
}
]
}
] ,
2024-08-15 16:03:24 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:opentext:filr:24.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F0872B0-D841-491D-8442-4DA5441EF1DD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:opentext:filr:24.2:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "55F710C5-B6B3-4D8E-8B0D-A9891DAF5650"
}
]
}
]
}
] ,
2024-07-31 22:03:15 +00:00
"references" : [
{
"url" : "https://portal.microfocus.com/s/article/KM000032291" ,
2024-08-15 16:03:24 +00:00
"source" : "security@opentext.com" ,
"tags" : [
"Vendor Advisory"
]
2024-07-31 22:03:15 +00:00
}
]
}
