// For flags

CVE-2023-4552

Java Database Connectivity (JDBC) URL Manipulation

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.

An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.


This issue affects AppBuilder: from 21.2 before 23.2.

Vulnerabilidad de validaciĆ³n de entrada incorrecta en OpenText AppBuilder en Windows, Linux permite sondear archivos del sistema. Un usuario autenticado de AppBuilder con la capacidad de crear o administrar bases de datos existentes puede aprovecharlas para explotar el servidor de AppBuilder, incluido el acceso a su sistema de archivos local. Este problema afecta a AppBuilder: desde 21.2 antes de 23.2.

*Credits: George Mathias
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-08-25 CVE Reserved
  • 2024-01-29 CVE Published
  • 2024-03-01 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-639: Probe System Files
References (0)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Opentext
Search vendor "Opentext"
 Appbuilder
Search vendor "Opentext" for product "Appbuilder"
 >= 21.2 < 23.2
Search vendor "Opentext" for product "Appbuilder" and version " >= 21.2 < 23.2"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Opentext
Search vendor "Opentext"
 Appbuilder
Search vendor "Opentext" for product "Appbuilder"
 >= 21.2 < 23.2
Search vendor "Opentext" for product "Appbuilder" and version " >= 21.2 < 23.2"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe