CVE-2023-32266

Summary

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.  

This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.

Affected Software

VendorProductVersion RangeStatus
OpenText™Application Lifecycle Management (ALM),Quality Center15.00affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01 P1affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01 P2affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01 P3affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01 P4affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.01 P5affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.51affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.51 P1affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.51 P2affected
OpenText™Application Lifecycle Management (ALM),Quality Center15.51 P3affected
OpenText™Application Lifecycle Management (ALM),Quality Center16.00affected
OpenText™Application Lifecycle Management (ALM),Quality Center16.01 P1affected

Weaknesses

  • CWE-426: CWE-426 Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References