Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4551

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.

Published

2024-01-29T21:15:08.880

Last Modified

2024-11-21T08:35:24.180

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opentext	appbuilder	< 23.2	Yes
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required ([email protected])
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required (af854a3a-2127-422b-91ae-364da2661108)