CVE-2023-4551

Summary

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.

The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.

This issue affects AppBuilder: from 21.2 before 23.2.

Affected Software

VendorProductVersion RangeStatus
OpenTextAppBuilder23.2unaffected
OpenTextAppBuilder21.2 < 23.2affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References