CVE-2023-32266 MEDIUM

CVE-2023-32266: Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center.

Vendor Opentext™
Product Application Lifecycle Management (ALM),Quality Center
Weakness CWE-426
Published October 16, 2024
Last update October 16, 2024

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/V:D/RE:L/U:Clear

What the vulnerability does

01Description

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.

Key dates

02Disclosure timeline

October 16, 2024 CVE published
October 16, 2024 Record updated