CVE-2023-4964 - OpenCVE

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Asset Management X Service Management Automation X

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:asset_management_x:2021.08:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2021.11:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2022.05:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2022.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.02:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2022.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2022.11:::::::*

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000022703?language=en_US

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2023-10-30T14:18:59.394Z

Updated: 2024-09-06T20:43:19.195Z

Reserved: 2023-09-14T15:25:06.880Z

Link: CVE-2023-4964

Vulnrichment

Updated: 2024-08-02T07:44:53.526Z

NVD

Status : Analyzed

Published: 2023-10-30T15:15:42.197

Modified: 2023-11-08T00:16:34.233

Link: CVE-2023-4964

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4964", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-09-14T15:25:06.880Z", "datePublished": "2023-10-30T14:18:59.394Z", "dateUpdated": "2024-09-06T20:43:19.195Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Service Management Automation X (SMAX)", "vendor": "opentext ", "versions": [{"status": "affected", "version": "2020.05"}, {"status": "affected", "version": "2020.08"}, {"status": "affected", "version": "2020.11"}, {"status": "affected", "version": "2021.02"}, {"status": "affected", "version": "2021.05"}, {"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}]}, {"defaultStatus": "unaffected", "product": "Asset Management X (AMX)", "vendor": "opentext", "versions": [{"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abel Iglesias Iglesias (a.k.a. Hurd4n0) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.</p>\n\n\n\n\n\n"}], "value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Could redirect user to malicious websites."}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-10-30T14:18:59.394Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential open redirect vulnerability in opentext SMAX and AMX product. ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.526Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T20:43:03.247436Z", "id": "CVE-2023-4964", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T20:43:19.195Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.526Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4964", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T20:43:03.247436Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T20:43:13.675Z"}}], "cna": {"title": "Potential open redirect vulnerability in opentext SMAX and AMX product. ", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abel Iglesias Iglesias (a.k.a. Hurd4n0) "}], "impacts": [{"descriptions": [{"lang": "en", "value": "Could redirect user to malicious websites."}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "opentext ", "product": "Service Management Automation X (SMAX)", "versions": [{"status": "affected", "version": "2020.05"}, {"status": "affected", "version": "2020.08"}, {"status": "affected", "version": "2020.11"}, {"status": "affected", "version": "2021.02"}, {"status": "affected", "version": "2021.05"}, {"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}], "defaultStatus": "unaffected"}, {"vendor": "opentext", "product": "Asset Management X (AMX)", "versions": [{"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.</p>\n\n\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-10-30T14:18:59.394Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4964", "state": "PUBLISHED", "dateUpdated": "2024-09-06T20:43:19.195Z", "dateReserved": "2023-09-14T15:25:06.880Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2023-10-30T14:18:59.394Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:asset_management_x:2021.08:*:*:*:*:*:*:*", "matchCriteriaId": "4DF49190-8A0F-405E-8C84-C2A09BDFADE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2021.11:*:*:*:*:*:*:*", "matchCriteriaId": "A7397F14-EA13-4E0B-A636-2227A80B8A5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2022.05:*:*:*:*:*:*:*", "matchCriteriaId": "223F4197-5966-4DC3-A7A3-29695B97401F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2022.11:*:*:*:*:*:*:*", "matchCriteriaId": "B561C6FF-2BBB-49CC-88EC-22585BDF805A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.05:*:*:*:*:*:*:*", "matchCriteriaId": "4F008E61-5AAE-456E-973A-69C0AF3380C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.08:*:*:*:*:*:*:*", "matchCriteriaId": "B27E0021-800F-43FA-9439-FDE451001E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.11:*:*:*:*:*:*:*", "matchCriteriaId": "8899E470-B07D-4399-912C-3D78B10479C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.02:*:*:*:*:*:*:*", "matchCriteriaId": "39711A66-0034-4B95-BC28-CBE7095AD96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.05:*:*:*:*:*:*:*", "matchCriteriaId": "1C1F7A4B-052A-4C71-A05F-CDD12115EFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.08:*:*:*:*:*:*:*", "matchCriteriaId": "4A3CCD7D-E886-4318-908B-4D4AAE8B36D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.11:*:*:*:*:*:*:*", "matchCriteriaId": "DC3A895B-6323-43B6-809C-613B8C96D991", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2022.05:*:*:*:*:*:*:*", "matchCriteriaId": "D1D9DBF7-FFC0-42A0-B755-B3C6B0CB89F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2022.11:*:*:*:*:*:*:*", "matchCriteriaId": "1FC7A3B4-C64C-480A-AB0C-7C5CCC6DFDE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Posible vulnerabilidad de redireccionamiento abierto en opentext Service Management Automation X (SMAX) versiones 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 y opentext Asset Management X (AMX) versiones 2021.08, 2 021.11, 2022.05, 2022.11. La vulnerabilidad podr\u00eda permitir a los atacantes redirigir a un usuario a sitios web maliciosos."}], "id": "CVE-2023-4964", "lastModified": "2023-11-08T00:16:34.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2023-10-30T15:15:42.197", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@opentext.com", "type": "Secondary"}]}