PT-2023-13967 · Opentext · Opentext Archive Center Administration
Ben Berkowitz
·
Published
2023-05-24
·
Updated
2025-01-17
·
CVE-2022-41221
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
OpenText Archive Center Administration versions prior to 21.3
Description
The issue allows XXE attacks, where authenticated users could upload XML files that are not sufficiently validated, potentially leading to data exfiltration or localized denial of service against the application instance and system of the user running it.
Recommendations
For OpenText Archive Center Administration versions 16.2.3 and 21.2, update to a version newer than 21.2 to resolve the issue.
For older versions of OpenText Archive Center Administration, update to a version newer than 21.2 to resolve the issue.
As a temporary workaround, consider restricting the upload of XML files to the application until a patch is available.
Exploit
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Archive Center Administration