Lucene search

OpenTextCVELIST:CVE-2023-32264

HistoryMar 08, 2024 - 8:48 p.m.

CVE-2023-32264

2024-03-0820:48:07

CWE-1385

OpenText

www.cve.org

opentext documentum d2

versions 16.5.1 to ce 23.2

arbitrary code execution

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client’s computer.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Documentum D2",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThanOrEqual": "CE 23.2 ",
        "status": "affected",
        "version": "16.5.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0799355

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-32264