2 matches found
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed...
CVE-2022-45922
OpenText Content Suite Platform 22.1 (16.2.19.1803) contains a post-authentication flaw in the ll.KeepAliveSession request handler. It sets a valid AdminPwd cookie even when the Web Admin password was not entered, allowing access to endpoints that require AdminPwd without knowing the password. CV...