CVE-2024-4690

8.0 HIGH
XXE

📋 TL;DR

This vulnerability allows attackers to perform XML External Entity (XXE) attacks through DTD injection in OpenText Application Automation Tools. Attackers can read arbitrary files from the server, potentially leading to sensitive data exposure. All users running affected versions are at risk.

💻 Affected Systems

Products:
  • OpenText Application Automation Tools
Versions: 24.1.0 and below
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments using vulnerable versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise through file system access, credential theft, and potential remote code execution via XXE.

🟠 Likely Case: Unauthorized reading of sensitive files (configuration files, credentials, source code) from the server.

🟢 If Mitigated: Limited impact with proper XML parser configuration and network segmentation.

🌐 Internet-Facing: HIGH - Directly exploitable via XML input to affected endpoints.
🏢 Internal Only: HIGH - Internal attackers can exploit this vulnerability if they have access to the application.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XXE vulnerabilities are well-understood attack vectors with readily available exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.1.1 or later

Vendor Advisory: https://portal.microfocus.com/s/article/KM000033548?language=en_US

Restart Required: Yes

Instructions:

1. Download the latest version from the OpenText support portal.
2. Back up the current installation.
3. Install the update following the vendor documentation.
4. Restart the application services.

🔧 Temporary Workarounds

Disable DTD Processing (applies to: all)

Configure the XML parser to disable external entity processing. Set the XML parser properties FEATURE_SECURE_PROCESSING=true and DISALLOW_DOCTYPE_DECL=true.

Input Validation (applies to: all)

Validate XML input against a strict schema before processing it, and reject any input that contains a DTD declaration.
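As an added illustration of the "Disable DTD Processing" workaround (example code, not taken from the page or the vendor): a Java DocumentBuilderFactory configured with the properties named above, where DISALLOW_DOCTYPE_DECL corresponds to the Xerces feature URI http://apache.org/xml/features/disallow-doctype-decl. The XML sample inside is constructed for the demonstration and its entity URI is a placeholder.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.StringReader;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class HardenedXmlParser {

    // Constructed sample (not from the advisory): a document that declares an
    // external entity, the construct XXE depends on. The URI is a placeholder.
    static final String CONSTRUCTED_DTD_SAMPLE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE data [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>\n"
        + "<data>&ext;</data>";
    static final String BENIGN_SAMPLE = "<data>hello</data>";

    // Builder with the workaround applied: DISALLOW_DOCTYPE_DECL (Xerces feature URI)
    // plus FEATURE_SECURE_PROCESSING; external entities are also switched off as defence in depth.
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    // Returns true if the hardened parser accepts the document and false if it
    // rejects it during parsing (a DOCTYPE now fails here); other errors propagate.
    static boolean accepts(String xml) throws Exception {
        try {
            newHardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXParseException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("benign document accepted: " + accepts(BENIGN_SAMPLE));
        System.out.println("DOCTYPE document accepted: " + accepts(CONSTRUCTED_DTD_SAMPLE));
    }
}
```

The DOCTYPE sample is refused before any entity is resolved, which is the behaviour the verification step below should confirm after the workaround or the 24.1.1 patch is in place.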

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems
  • Deploy web application firewall with XXE protection rules

🔍 How to Verify

Check if Vulnerable:

Check application version in admin console or configuration files

Check Version:

Check application.properties or admin interface for version information

Verify Fix Applied:

Verify that the version is 24.1.1 or later and confirm that test XML input containing a DTD declaration is rejected.

📡 Detection & Monitoring

Log Indicators:

  • XML parsing errors
  • File access attempts via XXE payloads
  • Unusual XML input patterns

Network Indicators:

  • HTTP requests containing XML with DTD declarations
  • Outbound connections initiated by XML parser

SIEM Query:

source="application_logs" AND ("DOCTYPE" OR "ENTITY" OR "SYSTEM") AND NOT expected_xml_pattern
