CVE-2022-45928

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.

Se descubrió un problema de ejecución remota de OScript en OpenText Content Suite Platform 22.1 (16.2.19.1803). Varios endpoints permiten al usuario pasar el parámetro htmlFile, que se incluye en el proceso de representación de salida HTML de una solicitud. Debido a que Content Server evalúa y ejecuta código Oscript en archivos HTML, es posible que un atacante ejecute código Oscript. El lenguaje de programación Oscript permite al atacante (por ejemplo) manipular archivos en el sistema de archivos, crear nuevas conexiones de red o ejecutar comandos del sistema operativo.

OpenText Extended ECM versions 16.2.2 through 22.3 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities.

*Credits: N/A

CVSS Scores

NISTv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-27 CVE Reserved
2023-01-18 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-09-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	2024-08-03
http://seclists.org/fulldisclosure/2023/Jan/14	2024-08-03
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opentext Search vendor "Opentext"		Opentext Extended Ecm Search vendor "Opentext" for product "Opentext Extended Ecm"				>= 16.2.2 <= 22.3 Search vendor "Opentext" for product "Opentext Extended Ecm" and version " >= 16.2.2 <= 22.3"		-		Affected