Information Disclosure in OpenText Content Suite Platform
CVE-2022-45925

7.5HIGH

Key Information:

Vendor: Opentext
Status: Opentext Extended Ecm
Vendor: CVE Published:; 18 January 2023

Summary

An issue in OpenText Content Suite Platform 22.1 allows unauthorized information disclosure through the 'xmlexport' action. When the 'requestContext' parameter is included in requests, the application inadvertently reveals various HTTP headers and sensitive CGI variables such as 'remote_addr' and 'server_name'. This could potentially expose critical server information to an attacker, leading to further security risks.

References

https://sec-consult.com/vulnerability-lab/advisory/multip...

http://seclists.org/fulldisclosure/2023/Jan/14

mailing-list

http://packetstormsecurity.com/files/170615/OpenText-Exte...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Nov 27, 2022