Lucene search

OpenTextCVELIST:CVE-2023-4554

HistoryJan 29, 2024 - 8:56 p.m.

CVE-2023-4554 XML External Entity (XXE) Processing

2024-01-2920:56:49

CWE-611

OpenText

www.cve.org

xml processor vulnerability

server side request forgery

opentext appbuilder

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.3%

JSON

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.

AppBuilder’s XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.

This issue affects AppBuilder: from 21.2 before 23.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "AppBuilder",
    "vendor": "OpenText",
    "versions": [
      {
        "status": "unaffected",
        "version": "23.2"
      },
      {
        "lessThan": "23.2",
        "status": "affected",
        "version": "21.2",
        "versionType": "custom"
      }
    ]
  }
]

References

support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVELIST:CVE-2023-4554