Microfocus: >> Operations Agent >> 12.22 Security Vulnerabilities
A security audit identified a privilege escalation
vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions
Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of
Oneconsult AG for reporting this vulnerability
CVSS Score
8.6
EPSS Score
0.0
Published
2026-03-31
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
CVSS Score
1.8
EPSS Score
0.002
Published
2024-10-28
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
CVSS Score
8.8
EPSS Score
0.0
Published
2024-02-15