Vulnerabilities > CVE-2022-45923 - Deserialization of Untrusted Data vulnerability in Opentext Extended ECM
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2023/Jan/10
- http://seclists.org/fulldisclosure/2023/Jan/10
- https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/
- https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/