Lucene search

OpenTextCVE-2023-4964

HistoryOct 30, 2023 - 3:15 p.m.

CVE-2023-4964

2023-10-3015:15:42

CWE-601

OpenText

web.nvd.nist.gov

cve-2023-4964

open redirect vulnerability

opentext

smax

amx

security vulnerability

web security

nvd

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Potential open redirect vulnerability
in opentext Service Management Automation X
(SMAX) versions 2020.05, 2020.08,
2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset
Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The
vulnerability could allow attackers to redirect a user to
malicious websites.

Affected configurations

Nvd

Node

microfocusasset_management_xMatch2021.08

microfocusasset_management_xMatch2021.11

microfocusasset_management_xMatch2022.05

microfocusasset_management_xMatch2022.11

microfocusservice_management_automation_xMatch2020.05

microfocusservice_management_automation_xMatch2020.08

microfocusservice_management_automation_xMatch2020.11

microfocusservice_management_automation_xMatch2021.02

microfocusservice_management_automation_xMatch2021.05

microfocusservice_management_automation_xMatch2021.08

microfocusservice_management_automation_xMatch2021.11

microfocusservice_management_automation_xMatch2022.05

microfocusservice_management_automation_xMatch2022.11

VendorProductVersionCPE
microfocusasset_management_x2021.08cpe:2.3:a:microfocus:asset_management_x:2021.08:*:*:*:*:*:*:*
microfocusasset_management_x2021.11cpe:2.3:a:microfocus:asset_management_x:2021.11:*:*:*:*:*:*:*
microfocusasset_management_x2022.05cpe:2.3:a:microfocus:asset_management_x:2022.05:*:*:*:*:*:*:*
microfocusasset_management_x2022.11cpe:2.3:a:microfocus:asset_management_x:2022.11:*:*:*:*:*:*:*
microfocusservice_management_automation_x2020.05cpe:2.3:a:microfocus:service_management_automation_x:2020.05:*:*:*:*:*:*:*
microfocusservice_management_automation_x2020.08cpe:2.3:a:microfocus:service_management_automation_x:2020.08:*:*:*:*:*:*:*
microfocusservice_management_automation_x2020.11cpe:2.3:a:microfocus:service_management_automation_x:2020.11:*:*:*:*:*:*:*
microfocusservice_management_automation_x2021.02cpe:2.3:a:microfocus:service_management_automation_x:2021.02:*:*:*:*:*:*:*
microfocusservice_management_automation_x2021.05cpe:2.3:a:microfocus:service_management_automation_x:2021.05:*:*:*:*:*:*:*
microfocusservice_management_automation_x2021.08cpe:2.3:a:microfocus:service_management_automation_x:2021.08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microfocus	asset_management_x	2021.08	cpe:2.3:a:microfocus:asset_management_x:2021.08:::::::*
microfocus	asset_management_x	2021.11	cpe:2.3:a:microfocus:asset_management_x:2021.11:::::::*
microfocus	asset_management_x	2022.05	cpe:2.3:a:microfocus:asset_management_x:2022.05:::::::*
microfocus	asset_management_x	2022.11	cpe:2.3:a:microfocus:asset_management_x:2022.11:::::::*
microfocus	service_management_automation_x	2020.05	cpe:2.3:a:microfocus:service_management_automation_x:2020.05:::::::*
microfocus	service_management_automation_x	2020.08	cpe:2.3:a:microfocus:service_management_automation_x:2020.08:::::::*
microfocus	service_management_automation_x	2020.11	cpe:2.3:a:microfocus:service_management_automation_x:2020.11:::::::*
microfocus	service_management_automation_x	2021.02	cpe:2.3:a:microfocus:service_management_automation_x:2021.02:::::::*
microfocus	service_management_automation_x	2021.05	cpe:2.3:a:microfocus:service_management_automation_x:2021.05:::::::*
microfocus	service_management_automation_x	2021.08	cpe:2.3:a:microfocus:service_management_automation_x:2021.08:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Service Management Automation X (SMAX)",
    "vendor": "opentext ",
    "versions": [
      {
        "status": "affected",
        "version": "2020.05"
      },
      {
        "status": "affected",
        "version": "2020.08"
      },
      {
        "status": "affected",
        "version": "2020.11"
      },
      {
        "status": "affected",
        "version": "2021.02"
      },
      {
        "status": "affected",
        "version": "2021.05"
      },
      {
        "status": "affected",
        "version": "2021.08"
      },
      {
        "status": "affected",
        "version": "2021.11"
      },
      {
        "status": "affected",
        "version": "2022.05"
      },
      {
        "status": "affected",
        "version": "2022.11"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Asset Management X (AMX)",
    "vendor": "opentext",
    "versions": [
      {
        "status": "affected",
        "version": "2021.08"
      },
      {
        "status": "affected",
        "version": "2021.11"
      },
      {
        "status": "affected",
        "version": "2022.05"
      },
      {
        "status": "affected",
        "version": "2022.11"
      }
    ]
  }
]

References

portal.microfocus.com/s/article/KM000022703?language=en_US

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for CVE-2023-4964