Vulnerabilities > CVE-2022-45924 - Unspecified vulnerability in Opentext Extended ECM

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opentext

NVD

Published: 2023-01-18

Updated: 2023-01-26

Summary

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.

Vulnerable Configurations

Part	Description	Count
Application	Opentext Opentext Opentext Extended ECM 20.4 Opentext Opentext Extended ECM 21.1 Opentext Opentext Extended ECM 22.1 Opentext Opentext Extended ECM 22.3	4

References

https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/
http://seclists.org/fulldisclosure/2023/Jan/14
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html