CVE-2023-6123

7.5 HIGH

📋 TL;DR

This CVE describes an improper input neutralization vulnerability (Cross-Site Scripting) in OpenText ALM Octane versions 16.2.100 and above. Attackers can inject malicious scripts that execute in users' browsers, potentially leading to session hijacking, data theft, or redirection to malicious sites. Organizations using affected OpenText ALM Octane versions are vulnerable.

💻 Affected Systems

Products:
  • OpenText ALM Octane
Versions: 16.2.100 and above
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠 Likely Case: Cross-site scripting attacks resulting in session hijacking, credential theft, or client-side malware delivery.

🟢 If Mitigated: Limited impact with proper input validation, output encoding, and security controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CWE-79 typically indicates relatively straightforward exploitation once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://portal.microfocus.com/s/article/KM000026128?language=en_US

Restart Required: Yes

Instructions:

1. Review vendor advisory KM000026128
2. Download and apply the latest security patch from OpenText
3. Restart ALM Octane services
4. Verify patch installation

🔧 Temporary Workarounds

Input Validation Enhancement (all): Implement additional input validation and output encoding for user-supplied data

Web Application Firewall (all): Deploy WAF with XSS protection rules to filter malicious requests
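The output-encoding workaround above is the generic control for CWE-79. The following is an added example, not OpenText's or ALM Octane's code: a Python snippet contrasting raw interpolation of user input into HTML with context-aware encoding. The function names (render_unsafe, render_text, render_link) are assumptions for illustration; the point it adds is that escaping alone is not enough in a URL attribute, where a javascript: scheme must be rejected separately.

```python
"""Added example (not the vendor's code): context-aware output encoding for
user-supplied values rendered into HTML, the workaround named in the advisory."""
import html
from urllib.parse import urlsplit


def render_unsafe(name: str) -> str:
    """Vulnerable pattern: raw interpolation of user input into markup."""
    return f"<p>Hello, {name}</p>"


def render_text(name: str) -> str:
    """HTML-body context: escape &, <, > and both quote characters."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def render_link(href: str, label: str) -> str:
    """URL-attribute context: html.escape does not neutralise a javascript:
    URL, so allow only http/https (or a relative path) before escaping."""
    scheme = urlsplit(href.strip()).scheme.lower()
    if scheme not in ("", "http", "https"):
        href = "#"  # drop the user-supplied target entirely
    return (
        f'<a href="{html.escape(href, quote=True)}">'
        f"{html.escape(label, quote=True)}</a>"
    )


if __name__ == "__main__":
    # Constructed inputs for demonstration only.
    probe = "<script>alert(1)</script>"
    print(render_unsafe(probe))
    print(render_text(probe))
    print(render_link("javascript:alert(1)", "profile"))
    print(render_link("https://example.com/?a=1&b=2", "docs"))
```

The same split applies to other sinks (JavaScript string literals, CSS, URL query values): each needs its own encoder, and a single HTML escape function covers only the element-body and quoted-attribute cases.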

🧯 If You Can't Patch

  • Isolate ALM Octane instances from internet access
  • Implement strict network segmentation and access controls

🔍 How to Verify

Check if Vulnerable:

Check ALM Octane version against affected range (16.2.100+)

Check Version:

Check ALM Octane administration console or configuration files for version information

Verify Fix Applied:

Verify installed version is updated beyond vulnerable range and test XSS vectors

📡 Detection & Monitoring

Log Indicators:

  • Unusual script injection patterns in web logs
  • Multiple failed XSS attempts
  • Suspicious user agent strings

Network Indicators:

  • Malformed HTTP requests with script tags
  • Unusual outbound connections from ALM Octane server

SIEM Query:

source="alm_octane_logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
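The SIEM query above is a plain substring match, so it misses percent-encoded or mixed-case variants of the same indicators. As an added example (not from the advisory and not tied to any specific SIEM), the Python below applies the same four indicator strings to constructed web-server access-log lines after percent-decoding the request target and lowercasing it. The log lines, IP addresses and function names are constructed for illustration.

```python
"""Added example (not from the advisory): apply the advisory's SIEM indicator
strings to access-log lines, decoding the request target first so that
URL-encoded and mixed-case variants are still flagged."""
import re
from urllib.parse import unquote_plus

# Indicator substrings taken from the advisory's SIEM query.
INDICATORS = ("<script>", "javascript:", "onerror=", "onload=")

# Combined-Log-Format style request line: ip ident user [ts] "METHOD target HTTP/x" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log lines; not real ALM Octane traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ui/?p=dashboard HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /ui/?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /ui/?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 400 0 "-" "curl/8.0"',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /ui/?q=JavaScript:void(0) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "POST /api/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def decode_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded payloads surface."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan_log_lines(lines):
    """Return one hit per line whose decoded request target contains an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        normalised = decode_target(m.group("target")).lower()
        found = [ind for ind in INDICATORS if ind in normalised]
        if found:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "target": m.group("target"), "indicators": found})
    return hits


if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOGS):
        print(hit["ts"], hit["ip"], hit["indicators"], hit["target"])
```

Only the request target is inspected here; POST bodies are not in a standard access log, so body-borne payloads need application-level or WAF logging to be visible at all. Expect some benign matches (for example, "onload=" inside legitimate query strings), so treat hits as triage candidates rather than confirmed attacks.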
