CVE-2023-6123

Improper Neutralization vulnerability affects OpenText ALM Octane.

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

La vulnerabilidad de neutralización inadecuada afecta a OpenText ALM Octane versión 16.2.100 y superiores. La vulnerabilidad podría resultar en un ataque de ejecución remota de código.

*Credits: N/A

CVSS Scores

OpenTextv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-11-14 CVE Reserved
2024-02-15 CVE Published
2024-02-16 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

CAPEC-63: Cross-Site Scripting (XSS)

References (1)

URL	Tag	Source
https://portal.microfocus.com/s/article/KM000026128?language=en_US

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
OpenText Search vendor "OpenText"		ALM Octane. Search vendor "OpenText" for product "ALM Octane."				< 16.2.100 Search vendor "OpenText" for product "ALM Octane." and version " < 16.2.100"		en		Affected