Description

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

Related CPE's

a

opentext

opentext_extended_ecm

Vulnerable

References

http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/13

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/

ExploitThird Party Advisory

http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2023/Jan/13

ExploitMailing ListThird Party Advisory

https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-639

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-639

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-18T22:15:10.473

2 years ago

Last modified

2025-04-04T17:15:45.247

2 months ago