CVE-2023-4964

Summary

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.

Affected Software

VendorProductVersion RangeStatus
opentextService Management Automation X (SMAX)2020.05affected
opentextService Management Automation X (SMAX)2020.08affected
opentextService Management Automation X (SMAX)2020.11affected
opentextService Management Automation X (SMAX)2021.02affected
opentextService Management Automation X (SMAX)2021.05affected
opentextService Management Automation X (SMAX)2021.08affected
opentextService Management Automation X (SMAX)2021.11affected
opentextService Management Automation X (SMAX)2022.05affected
opentextService Management Automation X (SMAX)2022.11affected
opentextAsset Management X (AMX)2021.08affected
opentextAsset Management X (AMX)2021.11affected
opentextAsset Management X (AMX)2022.05affected
opentextAsset Management X (AMX)2022.11affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References