Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2023-32266

Oct. 18, 2024, 12:53 p.m.

Tags

security@opentext.com
CWE-426
2024-10-16
CVE-2023-32266

Product(s) Impacted

OpenText Application Lifecycle Management (ALM),Quality Center

  • 15.00
  • 15.01
  • 15.01 P1
  • 15.01 P2
  • 15.01 P3
  • 15.01 P4
  • 15.01 P5
  • 15.51
  • 15.51 P1
  • 15.51 P2
  • 15.51 P3
  • 16.00
  • 16.01 P1

Description

Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation.   This issue affects Application Lifecycle Management (ALM),Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.

Weaknesses

CWE-426
Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE ID: 426

Date

Published: Oct. 16, 2024, 5:15 p.m.

Last Modified: Oct. 18, 2024, 12:53 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@opentext.com

References

https://portal.microfocus.com/ security@opentext.com