CVE-2023-4964 - OpenCVE

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Asset Management X Service Management Automation X

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:asset_management_x:2021.08:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2021.11:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2022.05:::::::*
	cpe:2.3:a:microfocus:asset_management_x:2022.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2020.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.02:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.08:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2021.11:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2022.05:::::::*
	cpe:2.3:a:microfocus:service_management_automation_x:2022.11:::::::*

References

Link	Resource
https://portal.microfocus.com/s/article/KM000022703?language=en_US	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenText

Published: 2023-10-30T14:18:59.394Z

Updated: 2023-10-30T14:18:59.394Z

Reserved: 2023-09-14T15:25:06.880Z

Link: CVE-2023-4964

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-30T15:15:42.197

Modified: 2023-11-08T00:16:34.233

Link: CVE-2023-4964

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4964", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2023-09-14T15:25:06.880Z", "datePublished": "2023-10-30T14:18:59.394Z", "dateUpdated": "2023-10-30T14:18:59.394Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Service Management Automation X (SMAX)", "vendor": "opentext ", "versions": [{"status": "affected", "version": "2020.05"}, {"status": "affected", "version": "2020.08"}, {"status": "affected", "version": "2020.11"}, {"status": "affected", "version": "2021.02"}, {"status": "affected", "version": "2021.05"}, {"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}]}, {"defaultStatus": "unaffected", "product": "Asset Management X (AMX)", "vendor": "opentext", "versions": [{"status": "affected", "version": "2021.08"}, {"status": "affected", "version": "2021.11"}, {"status": "affected", "version": "2022.05"}, {"status": "affected", "version": "2022.11"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Abel Iglesias Iglesias (a.k.a. Hurd4n0) "}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.</p>\n\n\n\n\n\n"}], "value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Could redirect user to malicious websites."}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2023-10-30T14:18:59.394Z"}, "references": [{"url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US"}], "source": {"discovery": "UNKNOWN"}, "title": "Potential open redirect vulnerability in opentext SMAX and AMX product. ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:asset_management_x:2021.08:*:*:*:*:*:*:*", "matchCriteriaId": "4DF49190-8A0F-405E-8C84-C2A09BDFADE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2021.11:*:*:*:*:*:*:*", "matchCriteriaId": "A7397F14-EA13-4E0B-A636-2227A80B8A5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2022.05:*:*:*:*:*:*:*", "matchCriteriaId": "223F4197-5966-4DC3-A7A3-29695B97401F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:asset_management_x:2022.11:*:*:*:*:*:*:*", "matchCriteriaId": "B561C6FF-2BBB-49CC-88EC-22585BDF805A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.05:*:*:*:*:*:*:*", "matchCriteriaId": "4F008E61-5AAE-456E-973A-69C0AF3380C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.08:*:*:*:*:*:*:*", "matchCriteriaId": "B27E0021-800F-43FA-9439-FDE451001E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2020.11:*:*:*:*:*:*:*", "matchCriteriaId": "8899E470-B07D-4399-912C-3D78B10479C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.02:*:*:*:*:*:*:*", "matchCriteriaId": "39711A66-0034-4B95-BC28-CBE7095AD96D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.05:*:*:*:*:*:*:*", "matchCriteriaId": "1C1F7A4B-052A-4C71-A05F-CDD12115EFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.08:*:*:*:*:*:*:*", "matchCriteriaId": "4A3CCD7D-E886-4318-908B-4D4AAE8B36D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2021.11:*:*:*:*:*:*:*", "matchCriteriaId": "DC3A895B-6323-43B6-809C-613B8C96D991", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2022.05:*:*:*:*:*:*:*", "matchCriteriaId": "D1D9DBF7-FFC0-42A0-B755-B3C6B0CB89F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation_x:2022.11:*:*:*:*:*:*:*", "matchCriteriaId": "1FC7A3B4-C64C-480A-AB0C-7C5CCC6DFDE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Potential open redirect vulnerability\nin opentext Service Management Automation X\n(SMAX) versions 2020.05, 2020.08,\n2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset\nManagement X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The\nvulnerability could allow attackers to redirect a user to\nmalicious websites.\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "Posible vulnerabilidad de redireccionamiento abierto en opentext Service Management Automation X (SMAX) versiones 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 y opentext Asset Management X (AMX) versiones 2021.08, 2 021.11, 2022.05, 2022.11. La vulnerabilidad podr\u00eda permitir a los atacantes redirigir a un usuario a sitios web maliciosos."}], "id": "CVE-2023-4964", "lastModified": "2023-11-08T00:16:34.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2023-10-30T15:15:42.197", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://portal.microfocus.com/s/article/KM000022703?language=en_US"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "security@opentext.com", "type": "Secondary"}]}