Potential open redirect vulnerability in opentext SMAX and AMX product.
CVE-2023-4964

8.2HIGH

Key Information:

Vendor: Opentext
Status: Service Management Automation X (smax); Asset Management X (amx)
Vendor: CVE Published:; 30 October 2023

What is CVE-2023-4964?

An open redirect vulnerability has been identified in OpenText Service Management Automation X and Asset Management X. This flaw enables attackers to craft malicious URLs that could redirect users to harmful websites, increasing the risk of phishing and other security threats. The vulnerability affects multiple versions of both products, making it imperative for organizations using these solutions to apply the latest security patches and mitigations to safeguard against potential exploitation.

Affected Version(s)

Asset Management X (AMX) 2021.08

Asset Management X (AMX) 2021.11

Asset Management X (AMX) 2022.05

References

https://portal.microfocus.com/s/article/KM000022703?langu...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2023
Vulnerability Reserved
Sep 14, 2023

Credit

Abel Iglesias Iglesias (a.k.a. Hurd4n0)

Opentext

What is CVE-2023-4964?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit