Vulnerabilities (CVE)

Filtered by vendor Opentext Subscribe
Filtered by product Opentext Extended Ecm
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-45926 1 Opentext 1 Opentext Extended Ecm 2023-01-26 N/A 8.8 HIGH
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
CVE-2022-45925 1 Opentext 1 Opentext Extended Ecm 2023-01-26 N/A 7.5 HIGH
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
CVE-2022-45924 1 Opentext 1 Opentext Extended Ecm 2023-01-26 N/A 8.1 HIGH
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
CVE-2022-45922 1 Opentext 1 Opentext Extended Ecm 2023-01-26 N/A 8.8 HIGH
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
CVE-2022-45928 1 Opentext 1 Opentext Extended Ecm 2023-01-25 N/A 8.8 HIGH
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.