Vulnerabilities > CVE-2023-4551 - Unspecified vulnerability in Opentext Appbuilder 21.2

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opentext

NVD

Published: 2024-01-29

Updated: 2024-02-05

Summary

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.

Vulnerable Configurations

Part	Description	Count
Application	Opentext Opentext Appbuilder 21.2	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b