CVE-2026-2123

EPSS 0.02%
Veröffentlicht 31.03.2026 17:18:43
Zuletzt bearbeitet 03.04.2026 18:46:01
Quelle security@opentext.com
CVE-Watchlists
Login
Unerledigt
Login

Privilege escalation vulnerability in Operations Agent

A security audit identified a privilege escalation
vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions
Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of
Oneconsult AG for reporting this vulnerability

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microfocus ≫ Operations Agent Version >= 12.22 <= 12.29

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@opentext.com	8.6	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-280 Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

https://portal.microfocus.com/s/article/KM000046068

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-2123

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2123

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2123

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2123