CVE-2024-7085 - Vulnerability Details - OpenCVE

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000036201?language=en_US

History

Wed, 15 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1.
Title		Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).
Weaknesses		CWE-79
References		https://portal.microfocus.com/s/article/KM000036201?language=en_US
Metrics		cvssV4_0 `{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2025-01-15T16:38:55.440Z

Updated: 2025-01-15T16:38:55.440Z

Reserved: 2024-07-24T17:09:47.735Z

Link: CVE-2024-7085

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-15T17:15:18.773

Modified: 2025-01-15T17:15:18.773

Link: CVE-2024-7085

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7085", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-07-24T17:09:47.735Z", "datePublished": "2025-01-15T16:38:55.440Z", "dateUpdated": "2025-01-15T16:38:55.440Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Solutions Business Manager (SBM)", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "12.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wiktoria Lewandowska"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS. \n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could result in the exposure of private information to an unauthorized actor. </span>\n\n<p>This issue affects Solutions Business Manager (SBM): through 12.2.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.\u00a0\n\nThe vulnerability could result in the exposure of private information to an unauthorized actor. \n\nThis issue affects Solutions Business Manager (SBM): through 12.2.1."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-01-15T16:38:55.440Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000036201?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000036201?language=en_US\">Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085</a>\n\n<br>"}], "value": "Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085 https://portal.microfocus.com/s/article/KM000036201"}], "source": {"discovery": "UNKNOWN"}, "title": "Exposure of private information vulnerability has been discovered in OpenText\u2122 Solutions Business Manager (SBM).", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.\u00a0\n\nThe vulnerability could result in the exposure of private information to an unauthorized actor. \n\nThis issue affects Solutions Business Manager (SBM): through 12.2.1."}], "id": "CVE-2024-7085", "lastModified": "2025-01-15T17:15:18.773", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "recovery": "AUTOMATIC", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2025-01-15T17:15:18.773", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000036201?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@opentext.com", "type": "Secondary"}]}