Vulnerabilities > CVE-2022-45927 - Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

opentext

CWE-639

NVD

Published: 2023-01-18

Updated: 2023-01-30

Summary

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

Vulnerable Configurations

Part	Description	Count
Application	Opentext Opentext Opentext Extended ECM 20.4 Opentext Opentext Extended ECM 21.1 Opentext Opentext Extended ECM 22.1 Opentext Opentext Extended ECM 22.3	4

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/
http://seclists.org/fulldisclosure/2023/Jan/13
http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html