Vulnerabilities > CVE-2023-4550 - Files or Directories Accessible to External Parties vulnerability in Opentext Appbuilder 21.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
opentext
CWE-552
NVD
Published: 2024-01-29
Updated: 2024-02-05

Summary

Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2.

Vulnerable Configurations

Part Description Count
Application
Opentext
1
OS
Linux
1
OS
Microsoft
1

Common Weakness Enumeration (CWE)

References