CVE-2022-45925

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14 Exploit Mailing List Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*
History

26 Jan 2023, 19:11

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Opentext opentext Extended Ecm
Opentext
References (MISC) https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ - (MISC) https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ - Exploit, Third Party Advisory
References (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/14 - (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/14 - Exploit, Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html - (MISC) http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

20 Jan 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html -

20 Jan 2023, 05:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/14 -

18 Jan 2023, 23:38

Type Values Removed Values Added
New CVE
Information

Published : 2023-01-18 21:15

Updated : 2023-12-10 14:48

NVD link : CVE-2022-45925

Mitre link : CVE-2022-45925

CVE.ORG link : CVE-2022-45925

JSON object : View

Products Affected

opentext

  • opentext_extended_ecm
CWE
NVD-CWE-noinfo