{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-4552", "ASSIGNER": "security@opentext.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.\n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation", "cweId": "CWE-20" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "OpenText", "product": { "product_data": [ { "product_name": "AppBuilder", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "status": "unaffected", "version": "23.2" }, { "lessThan": "23.2", "status": "affected", "version": "21.2", "versionType": "custom" } ], "defaultStatus": "unaffected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b", "refsource": "MISC", "name": "https://support.opentext.com/csm?id=ot_kb_search&kb_category=61648712db61781068cfd6c4e296197b" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "UNKNOWN" }, "credits": [ { "lang": "en", "value": "George Mathias" } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } ] } }