Lucene search

[email protected]NVD:CVE-2023-4552

HistoryJan 29, 2024 - 9:15 p.m.

CVE-2023-4552

2024-01-2921:15:09

CWE-20

[email protected]

web.nvd.nist.gov

opentext

appbuilder

input validation

vulnerability

file system access

windows

linux

cve-2023-4552

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.

An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.

This issue affects AppBuilder: from 21.2 before 23.2.

Affected configurations

Nvd

Node

opentextappbuilderRange21.2–23.2

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
opentextappbuilder*cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opentext	appbuilder	*	cpe:2.3:a:opentext:appbuilder::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

Related for NVD:CVE-2023-4552

prion1 cvelist1 cve1