PT-2024-29610 · Opentext · Opentext Documentum Server
Published: 2024-07-30 · Updated: 2024-07-31 · CVE-2024-4188
CVSS v4.0: 7.1 (High)
Vector: AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:N/R:A/V:C/RE:H/U:Red
Name of the Vulnerable Software and Affected Versions
OpenText Documentum Server versions 16.7 through 23.4
Description
OpenText Documentum Server is affected by an Unprotected Transport of Credentials vulnerability, which could allow Credential Stuffing.
Recommendations
For versions 16.7 through 23.4, update to a version that includes the fix for this issue to prevent Credential Stuffing attacks.
As a temporary workaround, consider restricting access to sensitive areas of the server to minimize the risk of exploitation.
Affected Products
OpenText Documentum Server