Authorization Flaw in OpenText Content Server REST API for Windows and Linux
CVE-2024-12862
5.5 MEDIUM
Summary
An authorization vulnerability in the OpenText Content Server REST API permits users who lack the proper permissions to remove external collaborators from the system. The issue affects specific versions of Content Server running on Windows and Linux and needs prompt attention to mitigate unauthorized access and maintain data governance.
Affected Version(s)
Content Server Windows 20.2-24.4
References
CVSS V4
Score: 5.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved