CVE-2024-4189— Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-4189
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple XXE sinks in Run LoadRunner script step in OpenText Application Automation Tools
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Plugin OpenText Application Automation Tools 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jenkins和Jenkins Plugin都是Jenkins开源的产品。Jenkins是一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。Jenkins Plugin是一个应用软件插件。 Jenkins Plugin OpenText Application Automation Tools 24.1.0及之前版本存在安全漏洞,该漏洞源于对用户提供的XML输入验证不足,远程用户可以将特制的XML代码传递给受影响的应用程序,并查看系统上任意文件的内容或向外部
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenText | OpenText Application Automation Tools | 24.1.0 and below | - |
II. Public POCs for CVE-2024-4189
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-4189
请登录查看更多情报信息。
Same Patch Batch · OpenText · 2024-10-16 · 5 CVEs total
| CVE-2024-4692 | Multiple missing permission checks | |
| CVE-2024-4184 | Multiple XXE sinks in ALM archive post-build step in OpenText Application Automation Tools | |
| CVE-2024-4690 | Insecure usage for DocumentBuilderFactory and TransformerFactory in OpenText Application A | |
| CVE-2024-4211 | Multiple missing permission checks |
IV. Related Vulnerabilities
Same vendor: OpenText
- CVE-2026-2123
Privilege escalation vulnerability in Operations Agent - CVE-2024-11604
Insertion of Sensitive Information into Log File - CVE-2025-13478
Cache Misconfiguration Leading to Cross-User Data Exposure - CVE-2025-8050
External Control of File vulnerability has been discovered i - CVE-2025-8052
HQL Injection vulnerability has been discovered in Opentext
Same weakness: CWE-611
- CVE-2026-41936
Vvveb < 1.0.8.2 XML External Entity Injection via Import - CVE-2026-40682
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntr - CVE-2026-6501
ILM Informatique jOpenDocument 代码问题漏洞 - CVE-2025-14543
Improper Restriction of XML External Entity Reference vulner - CVE-2024-13971
Arbitrary File Read and Server Side Request Forgery via XML
V. Comments for CVE-2024-4189
No comments yet