CVE-2024-5532

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. 

The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.

This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.

Affected Software

VendorProductVersion RangeStatus
OpenText™Operations Agent12.20affected
OpenText™Operations Agent12.21affected
OpenText™Operations Agent12.22affected
OpenText™Operations Agent12.23affected
OpenText™Operations Agent12.24affected
OpenText™Operations Agent12.25affected
OpenText™Operations Agent12.26affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References