CVE-2023-4551

HIGH

OpenText AppBuilder <23.2 - Command Injection

Title source: llm

Description

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.

References (1)

Core 1

Core References

Permissions Required

https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b

Scores

CVSS v3 7.2

EPSS 0.0103

EPSS Percentile 59.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20

Status published

Products (1)

opentext/appbuilder 21.2 - 23.2

Published Jan 29, 2024

Tracked Since Feb 18, 2026