CVE-2023-4554

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-4554
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

05 Feb 2024, 21:24

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.9 		v2 : unknown
v3 : 6.5
First Time Opentext appbuilder
Microsoft windows
Opentext
Linux linux Kernel
Microsoft
Linux
References () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - () https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b - Permissions Required
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:opentext:appbuilder:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

30 Jan 2024, 14:18

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de restricción inadecuada de la referencia de entidad externa XML en OpenText AppBuilder en Windows, Linux permite la server-side request forgery y sondear archivos del sistema. El procesador XML de AppBuilder es vulnerable al procesamiento de entidades externas XML (XXE), lo que permite a un usuario autenticado cargar archivos XML especialmente manipulados para inducir server-side request forgery y revelar archivos locales al servidor que los procesa. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2.

29 Jan 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-29 21:15

Updated : 2024-02-05 21:24

NVD link : CVE-2023-4554

Mitre link : CVE-2023-4554

CVE.ORG link : CVE-2023-4554

JSON object : View

Products Affected

microsoft

  • windows

linux

  • linux_kernel

opentext

  • appbuilder
CWE
CWE-611

Improper Restriction of XML External Entity Reference