Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2022-45922

Published: 18/01/2023 Updated: 26/01/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Opentext Extended Ecm

Vulnerability Summary

An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opentext opentext extended ecm

Exploits

Exploit DB: OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escsalation
OpenText Extended ECM versions 1622 through 223 suffer from arbitrary file deletion, information disclosure, local file inclusion, and privilege escalation vulnerabilities ...

References

NVD-CWE-noinfohttps://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/http://seclists.org/fulldisclosure/2023/Jan/14http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook