A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Jan/14 | Exploit Mailing List Third Party Advisory |
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ | Exploit Third Party Advisory |
Configurations
History
25 Jan 2023, 21:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ - Exploit, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2023/Jan/14 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html - Exploit, Third Party Advisory, VDB Entry | |
First Time |
Opentext opentext Extended Ecm
Opentext |
|
CWE | NVD-CWE-Other |
20 Jan 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Jan 2023, 23:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-18 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45928
Mitre link : CVE-2022-45928
CVE.ORG link : CVE-2022-45928
JSON object : View
Products Affected
opentext
- opentext_extended_ecm
CWE