
Security alert - CVE-2024-10863: Audit log vulnerability affects OpenText Secure Content Manager


Security alert

 

Client-side audit exclusion vulnerability in OpenText™ Secure Content Manager

 

Systems Affected:

OpenText™ Secure Content Manager 24.3 and older versions

 

Details:

CVE-2024-10863: Audit log vulnerability affects OpenText Secure Content Manager

 

End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.

 

Impact:

If users exploit the vulnerability, client-side events will not be captured in the central audit log.


Labels:

Support Tips/Knowledge Docs
  • Feedback from CPE.

    Does client-side mean 'any client application' e.g. Web Client / Mobile App / Desktop?

        No, this applies only to the CM Desktop application.

    Does 'central audit log' mean both the Online and Offline Audit Log?

        No, this is only for the Online Audit log.

    Do we know a CVE rating, and is there going to be a hotfix or the only way to remediate the CVE is to apply the patch?

        Yes, it scored 5.1 (medium CVSS scoring), no hotfix will be provided, the only way is to apply patches.

    Regards

    Graeme Christieson

    Lead Technical Support Specialist

    Global Technical Support

    QLD, Australia
