CVE-2024-6360 - OpenCVE

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.

Attack Vector Local

Attack Complexity High

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000033373?language=en_US

History

Wed, 02 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 02 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
Description		Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
Title		Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText™ Vertica.
Weaknesses		CWE-732
References		https://portal.microfocus.com/s/article/KM000033373?language=en_US
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-10-02T15:19:15.457Z

Updated: 2024-10-02T16:30:37.533Z

Reserved: 2024-06-26T20:35:10.510Z

Link: CVE-2024-6360

Vulnrichment

Updated: 2024-10-02T16:24:07.686Z

NVD

Status : Awaiting Analysis

Published: 2024-10-02T16:15:11.103

Modified: 2024-10-04T13:50:43.727

Link: CVE-2024-6360

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6360", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-06-26T20:35:10.510Z", "datePublished": "2024-10-02T15:19:15.457Z", "dateUpdated": "2024-10-02T16:30:37.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vertica", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "10.x", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThanOrEqual": "11.x", "status": "affected", "version": "11.0", "versionType": "custom"}, {"lessThanOrEqual": "12.x", "status": "affected", "version": "12.0", "versionType": "custom"}, {"lessThanOrEqual": "23.x", "status": "affected", "version": "23.0", "versionType": "custom"}, {"lessThanOrEqual": "24.x", "status": "affected", "version": "24.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Davide Brian Di Campi, TIM Security Red Team Research"}, {"lang": "en", "type": "finder", "value": "Massimiliano Brolli, TIM Security Red Team Research"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in <span style=\"background-color: var(--wht);\">unauthorized access or privileges to Vertica agent apikey.</span><br><p>This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.</p>"}], "value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-10-02T16:30:37.533Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000033373?language=en_US\">https://portal.microfocus.com/s/article/KM000033373?language=en_US</a><br>"}], "value": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText\u2122 Vertica.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T16:23:57.623653Z", "id": "CVE-2024-6360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:24:14.201Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6360", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-06-26T20:35:10.510Z", "datePublished": "2024-10-02T15:19:15.457Z", "dateUpdated": "2024-10-02T16:24:14.201Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Vertica", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "10.x", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThanOrEqual": "11.x", "status": "affected", "version": "11.0", "versionType": "custom"}, {"lessThanOrEqual": "12.x", "status": "affected", "version": "12.0", "versionType": "custom"}, {"lessThanOrEqual": "23.x", "status": "affected", "version": "23.0", "versionType": "custom"}, {"lessThanOrEqual": "24.x", "status": "affected", "version": "24.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in <span style=\"background-color: var(--wht);\">unauthorized access or privileges to Vertica agent apikey.</span><br><p>This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.</p>"}], "value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-10-02T15:19:15.457Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000033373?language=en_US\">https://portal.microfocus.com/s/article/KM000033373?language=en_US</a><br>"}], "value": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in OpenText\u2122 Vertica.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T16:23:57.623653Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T16:24:07.686Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Permission Assignment for Critical Resource vulnerability in OpenText\u2122 Vertica could allow Privilege Abuse and result in\u00a0unauthorized access or privileges to Vertica agent apikey.\nThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X."}, {"lang": "es", "value": "La vulnerabilidad de asignaci\u00f3n incorrecta de permisos para recursos cr\u00edticos en OpenText\u2122 Vertica podr\u00eda permitir el abuso de privilegios y dar como resultado el acceso no autorizado o los privilegios a la clave API del agente de Vertica. Este problema afecta a Vertica: de la versi\u00f3n 10.0 a la 10.X, de la versi\u00f3n 11.0 a la 11.X, de la versi\u00f3n 12.0 a la 12.X, de la versi\u00f3n 23.0 a la 23.X, de la versi\u00f3n 24.0 a la 24.X."}], "id": "CVE-2024-6360", "lastModified": "2024-10-04T13:50:43.727", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "GREEN", "recovery": "USER", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Green", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-10-02T16:15:11.103", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000033373?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "security@opentext.com", "type": "Secondary"}]}