CVE-2022-45922
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). El controlador de solicitudes para ll.KeepAliveSession establece una cookie AdminPwd válida incluso cuando no se ingresó la contraseña de administrador web. Esto permite el acceso a endpoints, que requieren una cookie AdminPwd válida, sin conocer la contraseña.
OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-27 CVE Reserved
- 2023-01-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opentext Search vendor "Opentext" | Opentext Extended Ecm Search vendor "Opentext" for product "Opentext Extended Ecm" | >= 21.1 <= 22.1 Search vendor "Opentext" for product "Opentext Extended Ecm" and version " >= 21.1 <= 22.1" | - |
Affected
| ||||||