PT-2023-14797 · Opentext · Opentext Content Suite Platform

Armin Stock

Publicado

2023-01-18

Atualizado

2023-01-26

CVE-2022-45924

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenText Content Suite Platform version 16.2.19.1803

Description An issue was discovered that allows a low-privilege user to delete arbitrary files on the server's local filesystem through the "itemtemplate.createtemplate2" endpoint.

Recommendations For OpenText Content Suite Platform version 16.2.19.1803, consider restricting access to the "itemtemplate.createtemplate2" endpoint to prevent low-privilege users from deleting arbitrary files on the server's local filesystem.

Exploit

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2022-45924

Produtos afetados

Opentext Content Suite Platform

PT-2023-14797 · Opentext · Opentext Content Suite Platform

CVE-2022-45924

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8