OpenCVE

Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Opentext	Alm Octane

No data.

No data.

References

Link	Providers
https://portal.microfocus.com/s/article/KM000026128?language=en_US

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-02-15T21:04:29.089Z

Updated: 2024-08-02T08:21:17.447Z

Reserved: 2023-11-14T14:07:27.080Z

Link: CVE-2023-6123

Vulnrichment

Updated: 2024-07-29T15:37:21.237Z

NVD

Status : Awaiting Analysis

Published: 2024-02-15T21:15:08.500

Modified: 2024-11-21T08:43:10.727

Link: CVE-2023-6123

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6123", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-11-14T14:07:27.080Z", "datePublished": "2024-02-15T21:04:29.089Z", "dateUpdated": "2024-08-02T08:21:17.447Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ALM Octane.", "vendor": "OpenText", "versions": [{"lessThan": "*", "status": "affected", "version": "16.2.100", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization vulnerability affects OpenText ALM Octane <span style=\"background-color: rgb(255, 255, 255);\">version 16.2.100 and above. </span>The vulnerability could result in a remote code execution attack. </span>\n\n<br>"}], "value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Improper Neutralization", "lang": "en"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-15T21:04:29.089Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026128?language=en_US\">Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com)</a>\n\n<br>"}], "value": "\n Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com) https://portal.microfocus.com/s/article/KM000026128 \n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Neutralization vulnerability affects OpenText ALM Octane. ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "alm_octane", "cpes": ["cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "16.2.100", "status": "affected", "lessThan": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-19T18:39:06.016906Z", "id": "CVE-2023-6123", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:37:26.246Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6123", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-19T18:39:06.016906Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:alm_octane:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "alm_octane", "versions": [{"status": "affected", "version": "16.2.100", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T15:37:21.237Z"}}], "cna": {"title": "Improper Neutralization vulnerability affects OpenText ALM Octane. ", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "ALM Octane.", "versions": [{"status": "affected", "version": "16.2.100", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\n Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com) https://portal.microfocus.com/s/article/KM000026128 \n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000026128?language=en_US\">Bulletin-Octane-Cross Site Scripting CVE-2023-6123 (microfocus.com)</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://portal.microfocus.com/s/article/KM000026128?language=en_US"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization vulnerability affects OpenText ALM Octane\u00a0version 16.2.100 and above.\u00a0The vulnerability could result in a remote code execution attack. \n\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Neutralization vulnerability affects OpenText ALM Octane <span style=\"background-color: rgb(255, 255, 255);\">version 16.2.100 and above. </span>The vulnerability could result in a remote code execution attack. </span>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-02-15T21:04:29.089Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6123", "state": "PUBLISHED", "dateUpdated": "2024-07-29T15:37:26.246Z", "dateReserved": "2023-11-14T14:07:27.080Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-02-15T21:04:29.089Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}