Vulnerability Description
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Appbuilder | >= 21.2, < 23.2 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cPermissions Required
- https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cPermissions Required
FAQ
What is CVE-2023-4551?
CVE-2023-4551 is a vulnerability with a CVSS score of 7.2 (HIGH). Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is ...
How severe is CVE-2023-4551?
CVE-2023-4551 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4551?
Check the references section above for vendor advisories and patch information. Affected products include: Opentext Appbuilder, Linux Linux Kernel, Microsoft Windows.