Lucene search

OpenTextVULNRICHMENT:CVE-2023-4551

HistoryJan 29, 2024 - 8:56 p.m.

CVE-2023-4551 Command Injection via Task Scheduler

2024-01-2920:56:30

CWE-20

OpenText

github.com

command injection

opentext appbuilder

scheduler

vulnerability

windows

linux

input validation

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

16.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.

The AppBuilder’s Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.

This issue affects AppBuilder: from 21.2 before 23.2.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:opentext:appbuilder:21.2:*:*:*:*:*:*:*"
    ],
    "vendor": "opentext",
    "product": "appbuilder",
    "versions": [
      {
        "status": "affected",
        "version": "21.2",
        "versionType": "custom",
        "lessThanOrEqual": "23.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

16.2%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-4551