CVE-2024-7050 - Vulnerability Details - OpenCVE

Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Active

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00114.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Opentext	Directory Services

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-48051	Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.

Fixes

Solution

https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-07-26T15:14:57.182Z

Updated: 2024-08-01T21:45:38.396Z

Reserved: 2024-07-23T19:16:36.733Z

Link: CVE-2024-7050

Vulnrichment

Updated: 2024-07-26T18:19:27.800Z

NVD

Status : Awaiting Analysis

Published: 2024-07-26T16:15:03.847

Modified: 2024-11-21T09:50:48.257

Link: CVE-2024-7050

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7050", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-07-23T19:16:36.733Z", "datePublished": "2024-07-26T15:14:57.182Z", "dateUpdated": "2024-08-01T21:45:38.396Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenText Directory Services", "vendor": "OpenText", "versions": [{"status": "affected", "version": "24.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.<p>This issue affects OpenText Directory Services: 24.2.</p>"}], "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:H/SI:L/SA:N/S:N/AU:N/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-07-26T15:14:57.182Z"}, "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213</a><br>"}], "value": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "directory_services", "cpes": ["cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "24.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-26T18:17:19.835212Z", "id": "CVE-2024-7050", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:19:33.355Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:45:38.396Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7050", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-26T18:17:19.835212Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "directory_services", "versions": [{"status": "affected", "version": "24.2"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-26T18:19:27.800Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:H/SI:L/SA:N/S:N/AU:N/R:A/V:D/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "OpenText Directory Services", "versions": [{"status": "affected", "version": "24.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213</a><br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.<p>This issue affects OpenText Directory Services: 24.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-07-26T15:14:57.182Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7050", "state": "PUBLISHED", "dateUpdated": "2024-07-26T18:19:33.355Z", "dateReserved": "2024-07-23T19:16:36.733Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-07-26T15:14:57.182Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2."}, {"lang": "es", "value": " Vulnerabilidad de autenticaci\u00f3n incorrecta en OpenText OpenText Directory Services puede permitir la omisi\u00f3n de autenticaci\u00f3n multifactor en escenarios particulares. Este problema afecta a OpenText Directory Services: 24.2."}], "id": "CVE-2024-7050", "lastModified": "2024-11-21T09:50:48.257", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "AUTOMATIC", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "LOW", "userInteraction": "ACTIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-07-26T16:15:03.847", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@opentext.com", "type": "Secondary"}]}