Vulnerability Description
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Appbuilder | >= 21.2, < 23.2 |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cPermissions Required
- https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cPermissions Required
FAQ
What is CVE-2023-4554?
CVE-2023-4554 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vuln...
How severe is CVE-2023-4554?
CVE-2023-4554 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4554?
Check the references section above for vendor advisories and patch information. Affected products include: Opentext Appbuilder, Linux Linux Kernel, Microsoft Windows.