PT-2024-13247 · Opentext · Opentext Appbuilder

George Mathias · Published 2024-01-29 · Updated 2024-02-05 · CVE-2023-4551

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenText AppBuilder versions 21.2 through 23.2

Description

The issue is related to improper input validation in the OpenText AppBuilder's Scheduler functionality, which allows authenticated users to inject arbitrary operating system commands into the executing process. This enables OS Command Injection.

Recommendations

For versions 21.2 through 23.2, update to version 23.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Scheduler functionality to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-4551

Affected Products

Opentext Appbuilder