
1938 matches found

Positive Technologies
added 2023/01/18 12:0 a.m. · 5 views

PT-2023-14798 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered where the action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to th...

7.5 CVSS · 7.3 AI score · 0.01743 EPSS
Exploits 3 · References 7

Cvelist
added 2023/01/18 12:0 a.m. · 17 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8 AI score · 0.03068 EPSS
Exploits 2 · References 3

Positive Technologies
added 2023/01/18 12:0 a.m. · 4 views

PT-2023-14796 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered in the Common Gateway Interface (CGI) program cs.exe, allowing an attacker to increase or decrease an arbitrary memory address by 1 and trigger a call to ...

8.8 CVSS · 8.5 AI score · 0.03068 EPSS
Exploits 2 · References 6

CNNVD
added 2023/01/18 12:0 a.m. · 5 views

OpenText Content Suite Platform code issue vulnerability

OpenText Content Suite Platform is a top-of-the-line enterprise content management (ECM) system from OpenText. It can manage the entire enterprise information lifecycle, from capture to archiving and disposal. A security vulnerability exists in OpenText Content Suite Platform version 22.1, which...

8.8 CVSS · 7.9 AI score · 0.02004 EPSS
Exploits 3 · References 4

CVE
added 2023/01/18 12:0 a.m. · 73 views

CVE-2022-45923

OpenText Content Suite Platform 22.1 (16.2.19.1803) is affected by CVE-2022-45923 via the CGI program cs.exe. The issue allows an attacker to increment or decrement an arbitrary memory address by 1 and trigger a call to a method of a vftable using a chosen vftable pointer value, enabling pre-auth...

8.8 CVSS · 8.6 AI score · 0.03068 EPSS
Exploits 2 · References 3 · Affected Software 1

CVE
added 2023/01/18 12:0 a.m. · 47 views

CVE-2022-45924

CVE-2022-45924 affects OpenText Content Suite Platform 22.1 (16.2.19.1803). The vulnerability is in the endpoint itemtemplate.createtemplate2 which allows a low-privilege user to delete arbitrary files on the server’s local filesystem. Impact is described as high (I/H, A/H, CVSS 3.1: 8.1). A fixe...

8.1 CVSS · 7.9 AI score · 0.01233 EPSS
Exploits 3 · References 3 · Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. · 6 views

CVE-2022-45924

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem...

8.1 AI score · 0.01233 EPSS
Exploits 3 · References 3

Cvelist
added 2023/01/18 12:0 a.m. · 17 views

CVE-2022-45924

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem...

8.1 AI score · 0.01233 EPSS
Exploits 3 · References 3

Cvelist
added 2023/01/18 12:0 a.m. · 19 views

CVE-2022-45922

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...

8.9 AI score · 0.02086 EPSS
Exploits 3 · References 3

Vulnrichment
added 2023/01/18 12:0 a.m. · 9 views

CVE-2022-45922

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...

8.9 AI score · 0.02086 EPSS
Exploits 3 · References 3

Positive Technologies
added 2023/01/18 12:0 a.m. · 4 views

PT-2023-14797 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered that allows a low-privilege user to delete arbitrary files on the server's local filesystem through the "itemtemplate.createtemplate2" endpoint...

8.1 CVSS · 7.9 AI score · 0.01233 EPSS
Exploits 3 · References 7

Vulnrichment
added 2023/01/18 12:0 a.m. · 6 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8 AI score · 0.03068 EPSS
Exploits 2 · References 3

Cvelist
added 2023/01/18 12:0 a.m. · 20 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

9.3 AI score · 0.01244 EPSS
Exploits 2 · References 3

Positive Technologies
added 2023/01/18 12:0 a.m. · 4 views

PT-2023-14799 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered that allows a low-privilege user to evaluate web reports through the "notify.localizeEmailTemplate" endpoint. Recommendations: For OpenText Content Suit...

8.8 CVSS · 8.6 AI score · 0.02004 EPSS
Exploits 3 · References 7

Positive Technologies
added 2023/01/18 12:0 a.m. · 4 views

PT-2023-14795 · Opentext · Opentext Content Suite Platform

Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803 Description: An issue was discovered where the request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to...

8.8 CVSS · 8.6 AI score · 0.02086 EPSS
Exploits 3 · References 7

CVE
added 2023/01/18 12:0 a.m. · 63 views

CVE-2022-45927

OpenText Content Suite Platform 22.1 (16.2.19.1803) contains a flaw in the Java application server that can bypass authentication for the Content Server QDS endpoints, allowing creation of objects and arbitrary code execution. The issue is described as pre-auth remote code execution with high imp...

8.8 CVSS · 9.1 AI score · 0.01244 EPSS
Exploits 2 · References 3 · Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. · 5 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name,...

7.5 AI score · 0.01743 EPSS
Exploits 3 · References 3

CVE
added 2023/01/18 12:0 a.m. · 64 views

CVE-2022-45925

CVE-2022-45925 affects OpenText Content Suite Platform 22.1 (16.2.19.1803). The vulnerability arises in the action xmlexport when the parameter requestContext is present; the response may disclose most HTTP headers and certain CGI variables (e.g., remote_adde, server_name), constituting an inform...

7.5 CVSS · 7.5 AI score · 0.01743 EPSS
Exploits 3 · References 3 · Affected Software 1

Vulnrichment
added 2023/01/18 12:0 a.m. · 6 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8 AI score · 0.02004 EPSS
Exploits 3 · References 3

CVE
added 2023/01/18 12:0 a.m. · 81 views

CVE-2022-45922

OpenText Content Suite Platform 22.1 (16.2.19.1803) contains a post-authentication flaw in the ll.KeepAliveSession request handler. It sets a valid AdminPwd cookie even when the Web Admin password was not entered, allowing access to endpoints that require AdminPwd without knowing the password. CV...

8.8 CVSS · 8.6 AI score · 0.02086 EPSS
Exploits 3 · References 3 · Affected Software 1