{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10863", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-11-05T14:11:06.490Z", "datePublished": "2024-11-22T15:36:39.075Z", "dateUpdated": "2024-11-26T14:19:22.506Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Secure Content Manager", "vendor": "OpenText", "versions": [{"lessThan": "<24.4", "status": "affected", "version": "10.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Evan Pearce of CyberCX"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.<p>This issue affects Secure Content Manager: from 10.1 before &lt;24.4.</p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.</span>\n\n<br>"}], "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side."}], "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-778", "description": "CWE-778: Insufficient Logging", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-11-22T15:36:39.075Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000036389?"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact<br><br>Apply the following patch builds in your data center.<br><br>Secure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86<br>Secure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123<br>Secure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240<br>Secure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185<br><br>"}], "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\n\nApply the following patch builds in your data center.\n\nSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\nSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\nSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\nSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185"}], "source": {"discovery": "EXTERNAL"}, "title": "Client-side audit exclusion vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-22T17:46:06.108331Z", "id": "CVE-2024-10863", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T14:19:22.506Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-10863", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-11-05T14:11:06.490Z", "datePublished": "2024-11-22T15:36:39.075Z", "dateUpdated": "2024-11-26T14:19:22.506Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Secure Content Manager", "vendor": "OpenText", "versions": [{"lessThan": "<24.4", "status": "affected", "version": "10.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Evan Pearce of CyberCX"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.<p>This issue affects Secure Content Manager: from 10.1 before &lt;24.4.</p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.</span>\n\n<br>"}], "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side."}], "impacts": [{"capecId": "CAPEC-268", "descriptions": [{"lang": "en", "value": "CAPEC-268 Audit Log Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.1, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-778", "description": "CWE-778: Insufficient Logging", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-11-22T15:36:39.075Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000036389?"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact<br><br>Apply the following patch builds in your data center.<br><br>Secure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86<br>Secure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123<br>Secure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240<br>Secure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185<br><br>"}], "value": "Audit trails will be captured on the server side instead of the client side, thereby eliminating the vulnerability and its impact\n\nApply the following patch builds in your data center.\n\nSecure Content Manager 24.3 Patch 1: Patch 219146 - Content Manager 24.3 Patch 1 Build 86\nSecure Content Manager 24.2 Patch 1: Patch 219145 - Content Manager 24.2 Patch 1 Build 123\nSecure Content Manager 23.4 Patch 2: Patch 1593502 - Content Manager 23.4 Patch 2 Build 240\nSecure Content Manager 10.1 Patch 6: Patch 1593711 \u2013 Content Manager 10.1 Patch 6 Build 1185"}], "source": {"discovery": "EXTERNAL"}, "title": "Client-side audit exclusion vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-10863", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-22T17:46:06.108331Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T17:46:11.859Z"}}]}}

{"descriptions": [{"lang": "en", "value": ": Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4.\n\n\n\nEnd-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side."}], "id": "CVE-2024-10863", "lastModified": "2024-11-22T16:15:21.257", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-11-22T16:15:21.257", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000036389?"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-778"}], "source": "security@opentext.com", "type": "Secondary"}]}

{}

{}