Description
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
References
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2023/Jan/13
ExploitMailing ListThird Party Advisory
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2023/Jan/13
ExploitMailing ListThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-18T22:15:10.473
2 years agoLast modified
2025-04-04T17:15:45.247
2 months ago