CVE-2023-7260 - OpenCVE

Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Opentext	Cx-e Voice

No data.

No data.

References

Link	Providers
https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114

History

Fri, 23 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opentext Opentext cx-e Voice
CPEs		cpe:2.3:a:opentext:cx-e_voice::::::::
Vendors & Products		Opentext Opentext cx-e Voice
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 22 Aug 2024 21:15:00 +0000

Type	Values Removed	Values Added
Description		Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.
Title		A path traversal vulnerability has been discovered in OpenText™ CX-E Voice.
Weaknesses		CWE-22
References		https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:L/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-08-22T20:54:55.297Z

Updated: 2024-08-23T14:28:18.837Z

Reserved: 2024-05-20T17:14:20.881Z

Link: CVE-2023-7260

Vulnrichment

Updated: 2024-08-23T14:28:12.015Z

NVD

Status : Awaiting Analysis

Published: 2024-08-22T21:15:16.107

Modified: 2024-08-23T16:18:28.547

Link: CVE-2023-7260

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7260", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-05-20T17:14:20.881Z", "datePublished": "2024-08-22T20:54:55.297Z", "dateUpdated": "2024-08-23T14:28:18.837Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CX-E Voice", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "22.4", "status": "affected", "version": "all versions", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow<span style=\"background-color: rgb(255, 255, 255);\"> arbitrarily access files on the system.</span>"}], "value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow\u00a0arbitrarily access files on the system."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-08-22T20:54:55.297Z"}, "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114</a><br>"}], "value": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114"}], "source": {"discovery": "UNKNOWN"}, "title": "A path traversal vulnerability has been discovered in OpenText\u2122 CX-E Voice.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "cx-e_voice", "cpes": ["cpe:2.3:a:opentext:cx-e_voice:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "22.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-23T14:24:23.228824Z", "id": "CVE-2023-7260", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T14:28:18.837Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7260", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-23T14:24:23.228824Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:cx-e_voice:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "cx-e_voice", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "22.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T14:28:12.015Z"}}], "cna": {"title": "A path traversal vulnerability has been discovered in OpenText\u2122 CX-E Voice.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 6.9, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:A/V:C/RE:L/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "CX-E Voice", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom", "lessThanOrEqual": "22.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114\">https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114</a><br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow\u00a0arbitrarily access files on the system.", "supportingMedia": [{"type": "text/html", "value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow<span style=\"background-color: rgb(255, 255, 255);\"> arbitrarily access files on the system.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-08-22T20:54:55.297Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7260", "state": "PUBLISHED", "dateUpdated": "2024-08-23T14:28:18.837Z", "dateReserved": "2024-05-20T17:14:20.881Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-08-22T20:54:55.297Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability discovered in OpenText\u2122 CX-E Voice, \n\naffecting all version through 22.4. The vulnerability could allow\u00a0arbitrarily access files on the system."}, {"lang": "es", "value": "Vulnerabilidad Path Traversal descubierta en OpenText\u2122 CX-E Voice, que afecta a todas las versiones hasta la 22.4. La vulnerabilidad podr\u00eda permitir acceder arbitrariamente a archivos del sistema."}], "id": "CVE-2023-7260", "lastModified": "2024-08-23T16:18:28.547", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "YES", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "recovery": "AUTOMATIC", "safety": "NEGLIGIBLE", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:C/RE:L/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "LOW", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-08-22T21:15:16.107", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0823114"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@opentext.com", "type": "Secondary"}]}