Authorization Flaw in OpenText Content Server REST API for Windows and Linux
CVE-2024-12862

5.5MEDIUM

Key Information:

Vendor: Opentext
Status: Content Server
Vendor: CVE Published:; 21 April 2025

What is CVE-2024-12862?

An authorization vulnerability exists in the OpenText Content Server REST API that permits users lacking proper permissions to remove external collaborators from the system. This issue is particularly pervasive across specific versions of the Content Server operating on Windows and Linux platforms, necessitating immediate attention to mitigate unauthorized access and ensure robust data governance.

Affected Version(s)

Content Server Windows 20.2-24.4

References

https://support.opentext.com/csm?id=ot_kb_unauthenticated...

CVSS V4

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2025
Vulnerability Reserved
Dec 20, 2024

Opentext

What is CVE-2024-12862?

Affected Version(s)

References

CVSS V4

Timeline