PT-2023-13451 · Opentext · Opentext Imanager

Published: 2023-05-01 · Updated: 2025-01-30 · CVE-2022-35898

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenText BizManager versions prior to 16.6.0.1

Description: The issue arises from improper validation during the change-password operation, allowing any authenticated user to change the password of any other user, including the Administrator account.

Recommendations: For versions prior to 16.6.0.1, update to version 16.6.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the change-password operation to minimize the risk of exploitation.

Fix

Improper Authentication

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2022-35898

Affected Products

Opentext Imanager