PT-2023-14797 · Opentext · Opentext Content Suite Platform
Armin Stock
·
Published
2023-01-18
·
Updated
2023-01-26
·
CVE-2022-45924
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenText Content Suite Platform version 16.2.19.1803
Description
An issue was discovered that allows a low-privilege user to delete arbitrary files on the server's local filesystem through the "itemtemplate.createtemplate2" endpoint.
Recommendations
For OpenText Content Suite Platform version 16.2.19.1803, consider restricting access to the "itemtemplate.createtemplate2" endpoint to prevent low-privilege users from deleting arbitrary files on the server's local filesystem.
Exploit
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Content Suite Platform