cvebase

OpenText Extended ECM vulnerabilities

7 known vulnerabilities affecting opentext/opentext_extended_ecm.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7

Vulnerabilities

CVE-2022-45926 | P2 | HIGH | CVSS 8.8 | ≥ 20.4, ≤ 22.3 | 2023-01-18
CVE-2022-45926 [HIGH] CWE-918: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
nvd
CVE-2022-45927 | P3 | HIGH | CVSS 8.8 | ≥ 20.4, < 22.4 | 2023-01-18
CVE-2022-45927 [HIGH] CWE-639: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
nvd
CVE-2022-45928 | P3 | HIGH | CVSS 8.8 | ≥ 16.2.2, ≤ 22.3 | 2023-01-18
CVE-2022-45928 [HIGH] CWE-94: A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes OScript code in HTML files, it is possible for an attacker to ex
nvd
CVE-2022-45922 | P3 | HIGH | CVSS 8.8 | ≥ 21.1, ≤ 22.1 | 2023-01-18
CVE-2022-45922 [HIGH] CWE-287: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
nvd
CVE-2022-45923 | P3 | HIGH | CVSS 8.8 | ≥ 20.4, ≤ 22.4 | 2023-01-18
CVE-2022-45923 [HIGH] CWE-502: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
nvd
CVE-2022-45925 | P3 | HIGH | CVSS 7.5 | ≥ 16.2.2, ≤ 22.3 | 2023-01-18
CVE-2022-45925 [HIGH] CWE-200: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_addr and server_name, which is an information disclosure.
nvd
CVE-2022-45924 | P3 | HIGH | CVSS 8.1 | ≥ 20.4, ≤ 22.3 | 2023-01-18
CVE-2022-45924 [HIGH] CWE-276: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
nvd