CVE-2024-1973 - Vulnerability Details - OpenCVE

Description

By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.

Published: 2024-03-25

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OpenText

Secure Content Manager

unaffected

Version	Status	Constraints
`10.0`	affected	< <=23.4

No data.

No data.

No data available yet.

Remediation

Vendor Solution

Apply the following patch builds in your data center. Secure Content Manager 23.4 Patch 1: PH_215013 - Content Manager 23.4 Patch 1 Build 111 https://kmviewer.saas.microfocus.com/#/1566945 Secure Content Manager 23.3 Patch 1: PH_215044 - Content Manager 23.3 Patch 1 Build 434 https://kmviewer.saas.microfocus.com/#/1567049 Secure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054 Secure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-17690	By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00145.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000027861

History

No history.

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-03-25T21:27:43.774Z

Updated: 2024-08-06T13:35:36.229Z

Reserved: 2024-02-28T15:31:04.998Z

Link: CVE-2024-1973

Vulnrichment

Updated: 2024-08-01T18:56:22.550Z

NVD

Status : Deferred

Published: 2024-03-25T22:37:19.383

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-1973

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-269

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1973", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-02-28T15:31:04.998Z", "datePublished": "2024-03-25T21:27:43.774Z", "dateUpdated": "2024-08-06T13:35:36.229Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Secure Content Manager", "vendor": "OpenText", "versions": [{"lessThan": "<=23.4", "status": "affected", "version": "10.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Evan Pearce of CyberCX"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. "}], "value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. "}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-25T21:27:43.774Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000027861"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apply the following patch builds in your data center.<br><br>Secure Content Manager 23.4 Patch 1: PH_215013 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1566945\">Content Manager 23.4 Patch 1 Build 111</a><br>Secure Content Manager 23.3 Patch 1: PH_215044 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1567049\">Content Manager 23.3 Patch 1 Build 434</a><br>Secure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054<br>Secure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402<br><br>"}], "value": "Apply the following patch builds in your data center.\n\nSecure Content Manager 23.4 Patch 1: PH_215013 - Content Manager 23.4 Patch 1 Build 111 https://kmviewer.saas.microfocus.com/#/1566945 \nSecure Content Manager 23.3 Patch 1: PH_215044 - Content Manager 23.3 Patch 1 Build 434 https://kmviewer.saas.microfocus.com/#/1567049 \nSecure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054\nSecure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Elevation of privileges vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.550Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027861", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "opentext", "product": "secure_content_manager", "cpes": ["cpe:2.3:a:opentext:secure_content_manager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.0", "status": "affected", "lessThanOrEqual": "23.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-06T13:32:31.130841Z", "id": "CVE-2024-1973", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T13:35:36.229Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000027861", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:56:22.550Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1973", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-06T13:32:31.130841Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:secure_content_manager:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "secure_content_manager", "versions": [{"status": "affected", "version": "10.0", "versionType": "custom", "lessThanOrEqual": "23.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-06T13:35:30.736Z"}}], "cna": {"title": "Elevation of privileges vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Evan Pearce of CyberCX"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "Secure Content Manager", "versions": [{"status": "affected", "version": "10.0", "lessThan": "<=23.4", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Apply the following patch builds in your data center.\n\nSecure Content Manager 23.4 Patch 1: PH_215013 - Content Manager 23.4 Patch 1 Build 111 https://kmviewer.saas.microfocus.com/#/1566945 \nSecure Content Manager 23.3 Patch 1: PH_215044 - Content Manager 23.3 Patch 1 Build 434 https://kmviewer.saas.microfocus.com/#/1567049 \nSecure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054\nSecure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402\n\n", "supportingMedia": [{"type": "text/html", "value": "Apply the following patch builds in your data center.<br><br>Secure Content Manager 23.4 Patch 1: PH_215013 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1566945\">Content Manager 23.4 Patch 1 Build 111</a><br>Secure Content Manager 23.3 Patch 1: PH_215044 - <a target=\"_blank\" rel=\"nofollow\" href=\"https://kmviewer.saas.microfocus.com/#/1567049\">Content Manager 23.3 Patch 1 Build 434</a><br>Secure Content Manager 10.1 Patch 5: PH_215040 - Content Manager 10.1 Patch 5 Release Build 1054<br>Secure Content Manager 10.0 Patch 6: PH_215038 - Content Manager 10.0 Patch 6 Build 1402<br><br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000027861"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. ", "supportingMedia": [{"type": "text/html", "value": "By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-03-25T21:27:43.774Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1973", "state": "PUBLISHED", "dateUpdated": "2024-08-06T13:35:36.229Z", "dateReserved": "2024-02-28T15:31:04.998Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-03-25T21:27:43.774Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}