Lucene search

OpenTextCVELIST:CVE-2023-4552

HistoryJan 29, 2024 - 8:56 p.m.

CVE-2023-4552 Java Database Connectivity (JDBC) URL Manipulation

2024-01-2920:56:35

CWE-20

OpenText

www.cve.org

input validation

jdbc url manipulation

appbuilder vulnerability

access control

system file access

windows

linux

cve-2023-4552

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.

An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.

This issue affects AppBuilder: from 21.2 before 23.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "AppBuilder",
    "vendor": "OpenText",
    "versions": [
      {
        "status": "unaffected",
        "version": "23.2"
      },
      {
        "lessThan": "23.2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      }
    ]
  }
]

References

support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVELIST:CVE-2023-4552