
1938 matches found

CVE
added 2023/05/01 12:0 a.m. · 47 views

CVE-2022-35898

CVE-2022-35898 affects OpenText BizManager prior to 16.6.0.1. The issue is a failure to validate during the change-password operation, enabling any authenticated user to change the password of any other user (including Administrator). This is described across multiple sources (e.g., Red Hat, CNVD...

9.8 CVSS · 9.3 AI score · 0.00373 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/05/01 12:0 a.m. · 5 views

CVE-2022-35898

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account...

9.5 AI score · 0.00373 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/01 12:0 a.m. · 3 views

PT-2023-13451 · Opentext · Opentext Imanager

Name of the Vulnerable Software and Affected Versions: OpenText BizManager versions prior to 16.6.0.1 Description: The issue arises from improper validation during the change-password operation, allowing any authenticated user to change the password of any other user, including the Administrator...

9.8 CVSS · 7.3 AI score · 0.00373 EPSS
Exploits 0 · References 5
Cvelist
added 2023/05/01 12:0 a.m. · 18 views

CVE-2022-35898

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account...

9.6 AI score · 0.00373 EPSS
Exploits 0 · References 2
CNNVD
added 2023/05/01 12:0 a.m. · 2 views

OpenText BizManager Authorization Issue Vulnerability

OpenText BizManager is an integrated B2B gateway from OpenText Japan. Almost all document types, communication protocols and industry standards are supported. A security vulnerability previously existed in OpenText BizManager version 16.6.0.1, which stemmed from a failure to perform proper...

9.8 CVSS · 8.4 AI score · 0.00373 EPSS
Exploits 0 · References 3
0day.today
added 2023/01/22 12:0 a.m. · 433 views

OpenText Extended ECM 22.3 Java Frontend Remote Code Execution Vulnerability

title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number:...

8.8 CVSS · 0.4 AI score · 0.01244 EPSS
Exploits 2
0day.today
added 2023/01/22 12:0 a.m. · 567 views

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escalation Vulnerabilities

title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45924,...

8.8 CVSS · 8.3 AI score · 0.02803 EPSS
Exploits 7
0day.today
added 2023/01/22 12:0 a.m. · 588 views

OpenText Extended ECM 22.3 cs.exe Remote Code Execution Vulnerability

title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 20.4 - 22.3
fixed version: 22.4
CVE number: CVE-2022-45923
impact: Critical...

8.8 CVSS · 0.4 AI score · 0.03068 EPSS
Exploits 2
Packet Storm
added 2023/01/20 12:0 a.m. · 299 views

OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulnerable version: 16.2.2 - 22.3
fixed...

0.6 AI score · 0.02803 EPSS
Exploits 7
OSV
added 2023/01/18 10:15 p.m. · 3 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

8.8 CVSS · 6 AI score · 0.01244 EPSS
Exploits 2 · References 3
NVD
added 2023/01/18 10:15 p.m. · 11 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

8.8 CVSS · 9.1 AI score · 0.01244 EPSS
Exploits 2 · References 3
OSV
added 2023/01/18 10:15 p.m. · 2 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8 CVSS · 5.9 AI score · 0.03068 EPSS
Exploits 2 · References 3
NVD
added 2023/01/18 10:15 p.m. · 14 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8 CVSS · 8.6 AI score · 0.03068 EPSS
Exploits 2 · References 3
Prion
added 2023/01/18 10:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

6.5 CVSS · 8.5 AI score · 0.03068 EPSS
Exploits 2 · References 3 · Affected Software 1
Prion
added 2023/01/18 10:15 p.m. · 19 views

Authentication flaw

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

6.5 CVSS · 9.1 AI score · 0.01244 EPSS
Exploits 2 · References 3 · Affected Software 1
NVD
added 2023/01/18 9:15 p.m. · 12 views

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...

8.8 CVSS · 8.6 AI score · 0.02803 EPSS
Exploits 3 · References 3
OSV
added 2023/01/18 9:15 p.m. · 2 views

CVE-2022-45922

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 3
NVD
added 2023/01/18 9:15 p.m. · 8 views

CVE-2022-45924

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem...

8.1 CVSS · 7.9 AI score · 0.01233 EPSS
Exploits 3 · References 3
NVD
added 2023/01/18 9:15 p.m. · 12 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

7.5 CVSS · 7.3 AI score · 0.01743 EPSS
Exploits 3 · References 3
OSV
added 2023/01/18 9:15 p.m. · 0 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 3