Platform
other
Component
secure-content-manager
Fixed in
<=23.4
CVE-2024-1973 describes a privilege escalation vulnerability within Secure Content Manager. Attackers can leverage this flaw to gain unauthorized access and perform actions beyond their intended permissions. This vulnerability impacts versions 10.0 up to and including 23.4. A fix is available in versions <=23.4.
The primary impact of CVE-2024-1973 is the potential for unauthorized privilege escalation. A lower-privileged user, by exploiting this vulnerability, could gain access to sensitive data, modify system configurations, or even execute commands with elevated privileges. This could lead to a significant compromise of the entire Content Manager environment and potentially the systems it interacts with. The blast radius extends to any data or functionality accessible by the Content Manager, making it a critical concern for organizations relying on this platform.
CVE-2024-1973 was publicly disclosed on March 25, 2024. Currently, there is no indication of active exploitation in the wild. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog at the time of this writing.
Organizations utilizing Secure Content Manager versions 10.0 through 23.4 are at risk, particularly those with complex user permission structures or environments where lower-privileged users have access to sensitive data. Shared hosting environments using this software are also at increased risk due to the potential for cross-tenant exploitation.
disclosure
Exploit status
EPSS
0.14% (35th percentile)
CVSS vector
The recommended mitigation for CVE-2024-1973 is to immediately upgrade Secure Content Manager to a version <=23.4. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter access controls and user permission restrictions within Content Manager. Review existing user roles and privileges to minimize the potential impact of successful exploitation. While not a direct fix, these measures can limit the attacker's ability to perform unauthorized actions. After upgrading, confirm the fix by verifying the version number in the Content Manager administration interface.
Upgrade OpenText Secure Content Manager to a version later than 23.4. This will fix the privilege escalation vulnerability. See article KM000027861 on the Micro Focus portal for more details.
CVE-2024-1973 is a HIGH severity vulnerability allowing lower-privileged users to elevate privileges and perform unauthorized actions within Secure Content Manager versions 10.0 through 23.4.
Yes, if you are running Secure Content Manager versions 10.0 to 23.4, you are potentially affected by this vulnerability.
Upgrade Secure Content Manager to a version <=23.4 to remediate the vulnerability. Implement stricter access controls as an interim measure.
Currently, there are no publicly known active exploitation campaigns, but the HIGH severity and potential for privilege escalation make it a likely target.
Refer to the official Secure Content Manager advisory for detailed information and updates regarding CVE-2024-1973.