CVE-2023-4552 MEDIUM

CVE-2023-4552: Java Database Connectivity (JDBC) URL Manipulation

Vendor Opentext

Product AppBuilder

Weakness CWE-20 · Input validation

Published January 29, 2024

Last update June 17, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

Description

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2.

Key dates

Disclosure timeline

January 29, 2024 CVE published

June 17, 2025 Record updated