CVE-2022-45923

Published: Jan 18, 2023Modified: Apr 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.

Affected (1)

Products: Opentext: Opentext Extended Ecm

1 product

Opentext Extended Ecm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opentext Opentext Extended Ecm	From 20.4 to 22.4

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/10

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/10

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.