Lucene search

[email protected]CVE-2022-41221

HistoryMay 24, 2023 - 9:15 p.m.

CVE-2022-41221

2023-05-2421:15:10

CWE-611

[email protected]

web.nvd.nist.gov

opentext

archive center

administration

xxe attacks

cve-2022-41221

data exfiltration

denial of service

xml files

security vulnerability

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.

Affected configurations

NVD

Node

opentextarchive_center_administrationRange≤21.2

CPENameOperatorVersion
opentext:archive_center_administrationopentext archive center administrationle21.2

CPE	Name	Operator	Version
opentext:archive_center_administration	opentext archive center administration	le	21.2

References

labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2022-41221

nvd1 cvelist1 prion1