CVE-2022-45925
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). La acción xmlexport acepta el parámetro requestContext. Si este parámetro está presente, la respuesta incluye la mayoría de los encabezados HTTP enviados al servidor y algunas de las variables CGI como remote_adde y server_name, que es una divulgación de información.
OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-27 CVE Reserved
- 2023-01-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opentext Search vendor "Opentext" | Opentext Extended Ecm Search vendor "Opentext" for product "Opentext Extended Ecm" | >= 16.2.2 <= 22.3 Search vendor "Opentext" for product "Opentext Extended Ecm" and version " >= 16.2.2 <= 22.3" | - |
Affected
| ||||||