Lucene search

[email protected]NVD:CVE-2023-4551

HistoryJan 29, 2024 - 9:15 p.m.

CVE-2023-4551

2024-01-2921:15:08

CWE-20

[email protected]

web.nvd.nist.gov

opentext appbuilder

windows

linux

os command injection

input validation

cve-2023-4551

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

16.2%

JSON

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.

The AppBuilder’s Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.

This issue affects AppBuilder: from 21.2 before 23.2.

Affected configurations

Nvd

Node

opentextappbuilderRange21.2–23.2

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
opentextappbuilder*cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opentext	appbuilder	*	cpe:2.3:a:opentext:appbuilder::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

16.2%

JSON

Related for NVD:CVE-2023-4551

cvelist1 vulnrichment1 prion1 cve1