Lucene search

K
cve[email protected]CVE-2022-41221
HistoryMay 24, 2023 - 9:15 p.m.

CVE-2022-41221

2023-05-2421:15:10
CWE-611
web.nvd.nist.gov
16
opentext
archive center
administration
xxe attacks
cve-2022-41221
data exfiltration
denial of service
xml files
security vulnerability

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.

Affected configurations

NVD
Node
opentextarchive_center_administrationRange21.2

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

Related for CVE-2022-41221