CVE-2023-32259

Summary

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11.

Affected Software

VendorProductVersion RangeStatus
OpenText™Service Management Automation X (SMAX)2020.05affected
OpenText™Service Management Automation X (SMAX)2020.08affected
OpenText™Service Management Automation X (SMAX)2020.11affected
OpenText™Service Management Automation X (SMAX)2021.02affected
OpenText™Service Management Automation X (SMAX)2021.05affected
OpenText™Service Management Automation X (SMAX)2021.08affected
OpenText™Service Management Automation X (SMAX)2021.11affected
OpenText™Service Management Automation X (SMAX)2022.05affected
OpenText™Service Management Automation X (SMAX)2022.11affected
OpenText™Asset Management X (AMX)2021.08affected
OpenText™Asset Management X (AMX)2021.11affected
OpenText™Asset Management X (AMX)2022.05affected
OpenText™Asset Management X (AMX)2022.11affected

Weaknesses

  • CWE-1220: CWE-1220 Insufficient Granularity of Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References