CVE-2023-4550

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4550
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - Permissions Required () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - Permissions Required

05 Feb 2024, 18:30

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
First Time Linux linux Kernel
Opentext appbuilder
Microsoft
Linux
Opentext
Microsoft windows
References () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - Permissions Required

30 Jan 2024, 14:18

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de validación de entrada incorrecta, archivos o directorios accesibles a partes externas en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado o no autenticado puede abusar de una página de AppBuilder para leer archivos arbitrarios en el servidor en el que está alojada. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2.

29 Jan 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-29 21:15

Updated : 2024-11-21 08:35

NVD link : CVE-2023-4550

Mitre link : CVE-2023-4550

CVE.ORG link : CVE-2023-4550

JSON object : View

Products Affected

linux

  • linux_kernel

opentext

  • appbuilder

microsoft

  • windows
CWE
CWE-20

Improper Input Validation

CWE-552

Files or Directories Accessible to External Parties