Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-4554

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.

Published

2024-01-29T21:15:09.457

Last Modified

2024-11-21T08:35:24.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-611
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opentext	appbuilder	< 23.2	Yes
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No

References

https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required ([email protected])
https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b Permissions Required (af854a3a-2127-422b-91ae-364da2661108)