CVE-2022-45927

Published: Jan 18, 2023Modified: Apr 4, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

Affected (1)

Products: Opentext: Opentext Extended Ecm

1 product

Opentext Extended Ecm

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opentext Opentext Extended Ecm	From 20.4 to 22.4

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (6)

http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/13

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/13

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.