CVE-2023-4551

EUVD-2023-54406
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.

The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.


This issue affects AppBuilder: from 21.2 before 23.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
opentextappbuilder
21.2 ≤
𝑥
< 23.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
opentextappbuilder
21.2 ≤
𝑥
≤ 23.2
ADP
Common Weakness Enumeration
References
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b