5 matches found
CVE-2023-4553
CVE-2023-4553 affects OpenText AppBuilder (versions 21.2 through 23.2). The vulnerability is due to improper input validation, enabling probing of system files. Additionally, AppBuilder configuration files are viewable by unauthenticated users. Impact is described as low confidentiality risk (C) ...
CVE-2023-4552
OpenText AppBuilder (Windows/Linux) versions 21.2–23.2 are affected by an improper input validation vulnerability. An authenticated AppBuilder user with the ability to create or manage databases can leverage this to access the server’s local file system. Affected software and versions are confirm...
CVE-2023-4554
OpenText AppBuilder (Windows/Linux) is affected by CVE-2023-4554 due to an XML External Entity (XXE) processing flaw in the XML processor. An authenticated attacker can upload crafted XML to trigger server-side requests and potentially disclose local server files. Affected versions are 21.2 throu...
CVE-2023-4550
OpenText AppBuilder (Windows/Linux) is affected by CVE-2023-4550 due to improper input validation, enabling an unauthenticated or authenticated user to read arbitrary files on the server via a vulnerable AppBuilder page. Affected versions are 21.2 through 23.2. Remediation guidance in connected s...
CVE-2023-4551
OpenText AppBuilder (Windows/Linux) is affected by CVE-2023-4551 due to improper input validation in the Scheduler functionality, enabling authenticated users to inject arbitrary OS commands into the running process. Affected versions are 21.2 through 23.2; published advisories indicate command i...