CVE-2022-45927

Description

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

Related CPE's

aopentextopentext_extended_ecm********

References

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/

ExploitThird Party Advisory

20230119 SEC Consult SA-20230117-1 :: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint in @OpenText Content Server component of OpenText Extended ECM

ExploitMailing ListThird Party Advisory

http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io