1938 matches found
CVE-2022-45926
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...
CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...
CVE-2022-45922
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...
Design/Logic Flaw
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...
Design/Logic Flaw
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...
Input validation
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...
Information disclosure
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...
Design/Logic Flaw
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem...
OpenText Content Suite Platform 安全漏洞
OpenText Content Suite Platform is a top-of-the-line enterprise content management ECM system from OpenText. It can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1, which...
CVE-2022-45928
OpenText Content Suite Platform 22.1 (16.2.19.1803) is affected by a remote OScript execution vulnerability. Multiple endpoints accept the htmlFile parameter, which is processed in the HTML rendering pipeline and can trigger Oscript code execution in the Content Server. The underlying risk is tha...
CVE-2022-45927
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...
OpenText Content Suite Platform 安全漏洞
OpenText Content Suite Platform is a top-of-the-line enterprise content management ECM system from OpenText. It can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1, which...
CVE-2022-45928
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...
PT-2023-14800 · Opentext · Opentext Content Suite Platform
Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 22.1 16.2.19.1803 Description: An issue in the Java application server allows bypassing authentication of QDS endpoints in the Content Server. These endpoints can be exploited to create objects and...
OpenText Content Suite Platform 安全漏洞
OpenText Content Suite Platform is a top-of-the-line enterprise content management ECM system from OpenText. can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1 that stems...
OpenText Content Suite Platform 代码问题漏洞
OpenText Content Suite Platform is a top-of-the-line enterprise content management ECM system from OpenText. can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1, which...
CVE-2022-45925
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...
CVE-2022-45928
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...
CVE-2022-45926
An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...
CVE-2022-45926
OpenText Content Suite Platform 22.1 (16.2.19.1803) has a vulnerability in the endpoint notify.localizeEmailTemplate that allows a low-privilege user to evaluate webreports. Root cause is an access-control issue on this endpoint. Impact is described as high (C, I, and A) with CVSS v3.1 base score...