VYPR
Unrated severityNVD Advisory· Published Jan 29, 2024· Updated Aug 2, 2024

Command Injection via Task Scheduler

CVE-2023-4551

Description

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.

The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.

This issue affects AppBuilder: from 21.2 before 23.2.

Affected products

2
  • Opentext/AppBuilderllm-fuzzy2 versions
    >=21.2, <23.2+ 1 more
    • (no CPE)range: >=21.2, <23.2
    • (no CPE)range: 21.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.