Post-Authentication Vulnerability in OpenText Content Suite Platform by OpenText
CVE-2022-45922

8.8HIGH

Key Information:

Vendor: Opentext
Status: Opentext Extended Ecm
Vendor: CVE Published:; 18 January 2023

Summary

A security flaw was identified in OpenText Content Suite Platform version 22.1 (16.2.19.1803), where the ll.KeepAliveSession request handler improperly sets a valid AdminPwd cookie without requiring the correct Web Admin password. This oversight can lead to unauthorized access to sensitive endpoints that are intended to only be accessible with valid AdminPwd credentials, thus posing a significant security threat.

References

https://sec-consult.com/vulnerability-lab/advisory/multip...

http://seclists.org/fulldisclosure/2023/Jan/14

mailing-list

http://packetstormsecurity.com/files/170615/OpenText-Exte...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Nov 27, 2022