CVE-2022-41221

Name of the Vulnerable Software and Affected Versions OpenText Archive Center Administration versions prior to 21.3

Description The issue allows XXE attacks, where authenticated users could upload XML files that are not sufficiently validated, potentially leading to data exfiltration or localized denial of service against the application instance and system of the user running it.

Recommendations For OpenText Archive Center Administration versions 16.2.3 and 21.2, update to a version newer than 21.2 to resolve the issue. For older versions of OpenText Archive Center Administration, update to a version newer than 21.2 to resolve the issue. As a temporary workaround, consider restricting the upload of XML files to the application until a patch is available.