Web Reporting Issue in OpenText Content Suite Platform by OpenText
CVE-2022-45926

8.8HIGH

Key Information:

Vendor: Opentext
Status: Opentext Extended Ecm
Vendor: CVE Published:; 18 January 2023

Summary

A security issue was identified in OpenText Content Suite Platform 22.1, where a low-privilege user could exploit the 'notify.localizeEmailTemplate' endpoint to access and evaluate web reports. This flaw presents a potential risk for unauthorized data exposure, necessitating immediate attention to secure the application.

References

https://sec-consult.com/vulnerability-lab/advisory/multip...

http://seclists.org/fulldisclosure/2023/Jan/14

mailing-list

http://packetstormsecurity.com/files/170615/OpenText-Exte...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Nov 27, 2022