CVE-2023-6123 - Vulnerability Details - OpenCVE

Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0051.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Opentext	Alm Octane

Configuration 1 [-]

cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-58378	Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

Fixes

Solution

Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com) https://portal.microfocus.com/s/article/KM000026128

Workaround

No workaround given by the vendor.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000026128?language=en_US

History

Tue, 18 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-707

Wed, 18 Dec 2024 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-02-15T21:04:29.089Z

Updated: 2025-03-18T14:32:42.295Z

Reserved: 2023-11-14T14:07:27.080Z

Link: CVE-2023-6123

Vulnrichment

Updated: 2024-08-02T08:21:17.447Z

NVD

Status : Modified

Published: 2024-02-15T21:15:08.500

Modified: 2025-03-18T15:15:46.680

Link: CVE-2023-6123

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6123", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-11-14T14:07:27.080Z", "datePublished": "2024-02-15T21:04:29.089Z", "dateUpdated": "2025-03-18T14:32:42.295Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ALM Octane.", "vendor": "OpenText", "versions": [{"lessThan": "*", "status": "affected", "version": "16.2.100", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization vulnerability affects OpenText ALM Octane <span style=\"background-color: rgb(255, 255, 255);\">version 16.2.100 and above. </span>The vulnerability could result in a remote code execution attack. </span>\n\n<br>"}], "value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization", "lang": "en"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-15T21:04:29.089Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026128?language=en_US\">Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com)</a>\n\n<br>"}], "value": "\n Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com) https://portal.microfocus.com/s/article/KM000026128 \n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Neutralization vulnerability affects OpenText ALM Octane. ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-707", "lang": "en", "description": "CWE-707 Improper Neutralization"}]}], "affected": [{"vendor": "opentext", "product": "alm_octane", "cpes": ["cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "16.2.100", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-19T18:39:06.016906Z", "id": "CVE-2023-6123", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T14:32:42.295Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-19T18:39:06.016906Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "alm_octane", "versions": [{"status": "affected", "version": "16.2.100", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-707", "description": "CWE-707 Improper Neutralization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:37:21.237Z"}}], "cna": {"title": "Improper Neutralization vulnerability affects OpenText ALM Octane. ", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "ALM Octane.", "versions": [{"status": "affected", "version": "16.2.100", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com) https://portal.microfocus.com/s/article/KM000026128 \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026128?language=en_US\">Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com)</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization vulnerability affects OpenText ALM Octane <span style=\"background-color: rgb(255, 255, 255);\">version 16.2.100 and above. </span>The vulnerability could result in a remote code execution attack. </span>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-15T21:04:29.089Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6123", "state": "PUBLISHED", "dateUpdated": "2025-03-18T14:32:42.295Z", "dateReserved": "2023-11-14T14:07:27.080Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-02-15T21:04:29.089Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*", "matchCriteriaId": "91D383F7-ABDC-453D-B75A-3F7456B7B8A2", "versionStartIncluding": "16.2.100", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n"}, {"lang": "es", "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada afecta a OpenText ALM Octane versi\u00f3n 16.2.100 y superiores. La vulnerabilidad podr\u00eda resultar en un ataque de ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2023-6123", "lastModified": "2025-03-18T15:15:46.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-15T21:15:08.500", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-707"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}