CVE-2024-0622 - Vulnerability Details - OpenCVE

Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Operations Agent

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:operations_agent::::::::
	cpe:2.3:a:microfocus:operations_agent:12.15:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-16415	Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.

Fixes

Solution

SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com) https://portal.microfocus.com/s/article/KM000026555

Workaround

No workaround given by the vendor.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000026555?language=en_US

History

Thu, 23 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Microfocus Microfocus operations Agent
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:microfocus:operations_agent:::::::: cpe:2.3:a:microfocus:operations_agent:12.15:::::::*
Vendors & Products		Microfocus Microfocus operations Agent

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-02-15T20:58:36.501Z

Updated: 2024-08-23T19:22:56.858Z

Reserved: 2024-01-16T19:09:28.101Z

Link: CVE-2024-0622

Vulnrichment

Updated: 2024-08-01T18:11:35.641Z

NVD

Status : Analyzed

Published: 2024-02-15T21:15:08.860

Modified: 2025-01-23T16:52:07.417

Link: CVE-2024-0622

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0622", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-01-16T19:09:28.101Z", "datePublished": "2024-02-15T20:58:36.501Z", "dateUpdated": "2024-08-23T19:22:56.858Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Non-Windows"], "product": "Operations Agent ", "vendor": "opentext", "versions": [{"status": "affected", "version": "12.15"}, {"status": "affected", "version": "12.20"}, {"status": "affected", "version": "12.21"}, {"status": "affected", "version": "12.22"}, {"status": "affected", "version": "12.23"}, {"status": "affected", "version": "12.24"}, {"status": "affected", "version": "12.25"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Local privilege escalation vulnerability</span> affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. </span></span><br>"}], "value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-20T15:50:33.307Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026555?language=en_US\">SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com)</a>\n\n<br>"}], "value": "\n SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com) https://portal.microfocus.com/s/article/KM000026555 \n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms. ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.641Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "microfocus", "product": "operations_agent", "cpes": ["cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "12.15", "status": "affected"}, {"version": "12.20", "status": "affected"}, {"version": "12.21", "status": "affected"}, {"version": "12.22", "status": "affected"}, {"version": "12.23", "status": "affected"}, {"version": "12.24", "status": "affected"}, {"version": "12.25", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-20T19:28:21.722838Z", "id": "CVE-2024-0622", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:22:56.858Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.641Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0622", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-20T19:28:21.722838Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*"], "vendor": "microfocus", "product": "operations_agent", "versions": [{"status": "affected", "version": "12.15"}, {"status": "affected", "version": "12.20"}, {"status": "affected", "version": "12.21"}, {"status": "affected", "version": "12.22"}, {"status": "affected", "version": "12.23"}, {"status": "affected", "version": "12.24"}, {"status": "affected", "version": "12.25"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:22:43.525Z"}}], "cna": {"title": "Local privilege escalation vulnerability could affect OpenText Operations Agent on Non-Windows platforms. ", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "opentext", "product": "Operations Agent ", "versions": [{"status": "affected", "version": "12.15"}, {"status": "affected", "version": "12.20"}, {"status": "affected", "version": "12.21"}, {"status": "affected", "version": "12.22"}, {"status": "affected", "version": "12.23"}, {"status": "affected", "version": "12.24"}, {"status": "affected", "version": "12.25"}], "platforms": ["Non-Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com) https://portal.microfocus.com/s/article/KM000026555 \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026555?language=en_US\">SUPPORT COMMUNICATION - SECURITY BULLETIN Potential Security Impact: Local (microfocus.com)</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">Local privilege escalation vulnerability</span> affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. </span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-20T15:50:33.307Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0622", "state": "PUBLISHED", "dateUpdated": "2024-08-23T19:22:56.858Z", "dateReserved": "2024-01-16T19:09:28.101Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-02-15T20:58:36.501Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:operations_agent:*:*:*:*:*:*:*:*", "matchCriteriaId": "60CE247E-60E8-4397-A847-5B0701406D54", "versionEndIncluding": "12.25", "versionStartIncluding": "12.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:operations_agent:12.15:*:*:*:*:*:*:*", "matchCriteriaId": "973DFAB3-05AE-49A0-917B-ADAD9C296322", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Local privilege escalation vulnerability\u00a0affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability\u00a0could allow local privilege escalation.\u00a0\n"}, {"lang": "es", "value": "La vulnerabilidad de escalada de privilegios local afecta las versiones 12.15 y 12.20-12.25 del producto OpenText Operations Agent cuando se instala en plataformas que no son Windows. La vulnerabilidad podr\u00eda permitir una escalada de privilegios locales."}], "id": "CVE-2024-0622", "lastModified": "2025-01-23T16:52:07.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-15T21:15:08.860", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000026555?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@opentext.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}