Microsoft
CVE-2024-10863
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (opentext) · only source for this CVE.
CVSS VectorVendor: opentext
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
: Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4.
End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.
AnalysisAI
: Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.1 before <24.4. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-778. : Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.
Affected ProductsAI
OpenText Secure Content Manager on Windows.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-778 – Insufficient Logging
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today