Cross-Site Request Forgery Vulnerability in OpenText ECM by OpenText
CVE-2010-5283

Currently unrated

Key Information:

Vendor

Opentext
Status
Livelink Ecm
Vendor
CVE Published:
26 November 2012

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-5283?

A Cross-Site Request Forgery (CSRF) vulnerability in OpenText ECM versions allows remote attackers to exploit user sessions, specifically targeting administrators. This flaw can lead to unauthorized changes to folder and resource permissions, creating opportunities for attackers to manipulate system settings without proper authentication. Organizations utilizing OpenText ECM are advised to implement security measures to protect against potential exploitation of this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-5283 - Proof of Concept

References

http://www.osvdb.org/68255
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/41553
third-party-advisoryx_refsource_SECUNIA
http://packetstormsecurity.org/1009-exploits/opentext-xsr...
x_refsource_MISC

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.