CVE-2022-45922
Description
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
References
ExploitThird Party Advisory
ExploitMailing ListThird Party Advisory
ExploitThird Party AdvisoryVDB Entry
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics