PT-2024-32283 · OpenText · OpenText Application Automation Tools

Published: 2024-10-16 · Updated: 2024-10-21 · CVE-2024-4692

CVSS v3.1: 2.4 (Low)

Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenText Application Automation Tools versions 24.1.0 and below

Description

The issue is related to improper validation of specified quantity in input, allowing exploitation of incorrectly configured access control security levels. Multiple missing permission checks have been discovered in the Service Virtualization configuration, which could allow users with Overall/Read permission to enumerate Service Virtualization server names.

Recommendations

For OpenText Application Automation Tools versions 24.1.0 and below, update to a version above 24.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Service Virtualization configuration to minimize the risk of exploitation. Avoid using the Overall/Read permission for users who do not require it, until the issue is resolved.

Related Identifiers

CVE-2024-4692

Affected Products

OpenText Application Automation Tools