{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7085", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-07-24T17:09:47.735Z", "datePublished": "2025-01-15T16:38:55.440Z", "dateUpdated": "2025-01-15T20:18:52.458Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Solutions Business Manager (SBM)", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "12.2.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wiktoria Lewandowska"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could result in the exposure of private information to an unauthorized actor. </span>\n\n<p>This issue affects Solutions Business Manager (SBM): through 12.2.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.\u00a0\n\nThe vulnerability could result in the exposure of private information to an unauthorized actor. \n\nThis issue affects Solutions Business Manager (SBM): through 12.2.1."}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 8.2, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-01-15T16:38:55.440Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000036201?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000036201?language=en_US\">Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085</a>\n\n<br>"}], "value": "Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085 https://portal.microfocus.com/s/article/KM000036201"}], "source": {"discovery": "UNKNOWN"}, "title": "Exposure of private information vulnerability has been discovered in OpenText\u2122 Solutions Business Manager (SBM).", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-15T20:18:48.918889Z", "id": "CVE-2024-7085", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T20:18:52.458Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7085", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-15T20:18:48.918889Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T20:17:02.816Z"}}], "cna": {"title": "Exposure of private information vulnerability has been discovered in OpenText\u2122 Solutions Business Manager (SBM).", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Wiktoria Lewandowska"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 8.2, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:N/R:A/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Solutions Business Manager (SBM)", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.2.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085 https://portal.microfocus.com/s/article/KM000036201", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000036201?language=en_US\">Exposure of private information vulnerability in OpenText Solutions Business Manager (SBM) CVE-2024-7085</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000036201?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.\u00a0\n\nThe vulnerability could result in the exposure of private information to an unauthorized actor. \n\nThis issue affects Solutions Business Manager (SBM): through 12.2.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could result in the exposure of private information to an unauthorized actor. </span>\n\n<p>This issue affects Solutions Business Manager (SBM): through 12.2.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-01-15T16:38:55.440Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7085", "state": "PUBLISHED", "dateUpdated": "2025-01-15T20:18:52.458Z", "dateReserved": "2024-07-24T17:09:47.735Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2025-01-15T16:38:55.440Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 Solutions Business Manager (SBM) allows Stored XSS.\u00a0\n\nThe vulnerability could result in the exposure of private information to an unauthorized actor. \n\nThis issue affects Solutions Business Manager (SBM): through 12.2.1."}], "id": "CVE-2024-7085", "lastModified": "2025-01-15T17:15:18.773", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "recovery": "AUTOMATIC", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2025-01-15T17:15:18.773", "references": [{"source": "security@opentext.com", "url": "https://portal.microfocus.com/s/article/KM000036201?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@opentext.com", "type": "Secondary"}]}

{}

{}