cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4554,https://securityvulnerability.io/vulnerability/CVE-2023-4554,XML External Entity (XXE) Processing,"Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.",OpenText,AppBuilder,6.5,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-01-29T20:56:49.834Z,0
CVE-2023-4553,https://securityvulnerability.io/vulnerability/CVE-2023-4553,Unauthenticated Access to AppBuilder Configuration Files,"Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2.",Opentext,Appbuilder,5.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2024-01-29T20:56:45.438Z,0
CVE-2023-4552,https://securityvulnerability.io/vulnerability/CVE-2023-4552,Java Database Connectivity (JDBC) URL Manipulation,"An improper input validation vulnerability exists in OpenText AppBuilder, which operates on Windows and Linux platforms. This vulnerability allows an authenticated user, who possesses rights to create or manage existing databases, to exploit the AppBuilder server's security. Specifically, it enables unauthorized access to the server's local file system, potentially leading to data exposure or manipulation. Organizations utilizing AppBuilder versions prior to 23.2 should assess their security measures and explore remediation strategies to protect sensitive information.",OpenText,AppBuilder,7.1,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2024-01-29T20:56:35.378Z,0
CVE-2023-4551,https://securityvulnerability.io/vulnerability/CVE-2023-4551,Command Injection via Task Scheduler,"An improper input validation vulnerability exists in OpenText AppBuilder, affecting both Windows and Linux platforms. This flaw enables authenticated users to execute arbitrary operating system commands through the Scheduler functionality, which is designed to create scheduled tasks. By exploiting this vulnerability, an attacker could manipulate the executed process, leading to potential unauthorized access or control over the system environment. The affected versions include AppBuilder from 21.2 up to but not including 23.2.",Opentext,Appbuilder,7.2,HIGH,0.0005499999970197678,false,false,false,false,,false,false,2024-01-29T20:56:30.404Z,0
CVE-2023-4550,https://securityvulnerability.io/vulnerability/CVE-2023-4550,Unauthenticated Arbitrary File Read,"The vulnerability manifests due to improper input validation within OpenText AppBuilder, allowing both unauthenticated and authenticated users to exploit a specific page of the application. This exploit grants the ability to read arbitrary files on the server, facilitating potential unauthorized access to sensitive system files. This issue affects multiple versions of the product, specifically those released between 21.2 and 23.2, thereby posing a significant risk to system integrity and confidentiality.",Opentext,Appbuilder,7.5,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2024-01-29T20:56:09.908Z,0