CVE-2022-45927
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). El servidor de aplicaciones Java se puede utilizar para omitir la autenticación de los endpoints QDS del servidor de contenidos. Estos endpoints se pueden utilizar para crear objetos y ejecutar código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-11-27 CVE Reserved
- 2023-01-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opentext Search vendor "Opentext" | Opentext Extended Ecm Search vendor "Opentext" for product "Opentext Extended Ecm" | >= 20.4 < 22.4 Search vendor "Opentext" for product "Opentext Extended Ecm" and version " >= 20.4 < 22.4" | - |
Affected
| ||||||