CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31871
https://notcve.org/view.php?id=CVE-2023-31871
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. • https://gist.github.com/picar0jsu/a8e623639da34f36202ce5e436668de7 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35898
https://notcve.org/view.php?id=CVE-2022-35898
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. • https://businessnetwork.opentext.com/b2b-gateway https://hackandpwn.com/disclosures/CVE-2022-35898.pdf • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-45925 – OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
https://notcve.org/view.php?id=CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure. Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). La acción xmlexport acepta el parámetro requestContext. • http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html http://seclists.org/fulldisclosure/2023/Jan/14 https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-45922 – OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
https://notcve.org/view.php?id=CVE-2022-45922
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password. Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). El controlador de solicitudes para ll.KeepAliveSession establece una cookie AdminPwd válida incluso cuando no se ingresó la contraseña de administrador web. • http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html http://seclists.org/fulldisclosure/2023/Jan/14 https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-45923
https://notcve.org/view.php?id=CVE-2022-45923
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). El programa cs.exe de Common Gateway Interface (CGI) permite a un atacante aumentar/disminuir una dirección de memoria arbitraria en 1 y activar una llamada a un método de vftable con un valor de puntero de vftable elegido por el atacante. • http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html http://seclists.org/fulldisclosure/2023/Jan/10 https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component • CWE-502: Deserialization of Untrusted Data •