Vulnerabilities > CVE-2023-4554 - XXE vulnerability in Opentext Appbuilder 21.2

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

opentext

CWE-611

NVD

Published: 2024-01-29

Updated: 2024-02-05

Summary

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.

Vulnerable Configurations

Part	Description	Count
Application	Opentext Opentext Appbuilder 21.2	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b