CVE-2023-4554
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 29, 2024
Updated: Feb 5, 2024
CWE ID 611
Summary
CVE-2023-4554 is a vulnerability affecting OpenText AppBuilder on both Windows and Linux platforms. The issue is an Improper Restriction of XML External Entity Reference (XXE), which leads to Server-Side Request Forgery (SSRF) and potential file disclosure. Authenticated users can exploit it by uploading specially crafted XML files to induce SSRF and reveal system files processed by the server. AppBuilder versions prior to 23.2 are affected.
Affected Vendors
- OpenText