PT-2023-14798 · Opentext · Opentext Content Suite Platform

Armin Stock · Published 2023-01-18 · Updated 2023-01-26 · CVE-2022-45925

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenText Content Suite Platform version 16.2.19.1803

Description: An issue was discovered where the action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables, such as the remote address and server name, which is an information disclosure.

Recommendations: For OpenText Content Suite Platform version 16.2.19.1803, consider restricting access to the xmlexport action or removing the requestContext parameter to minimize the risk of information disclosure. As a temporary workaround, avoid using the requestContext parameter in the affected action until a patch is available.
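
To check whether the parameter is already being sent to a deployment, web server access logs can be searched for xmlexport requests that carry requestContext. The following is an added example, not code from the advisory or from OpenText; the log lines are constructed, and the `/app` path, the `action` query key and case-insensitive matching are assumptions, since the page does not describe the URL layout.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format). The /app path and the
# "action" query key are assumptions; the page does not give the URL layout.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jan/2023:10:00:01 +0000] "GET /app?action=xmlexport&objId=2000 HTTP/1.1" 200 512
198.51.100.7 - - [18/Jan/2023:10:00:05 +0000] "GET /app?action=xmlexport&objId=2000&requestContext=1 HTTP/1.1" 200 4096
203.0.113.9 - - [18/Jan/2023:10:01:12 +0000] "GET /app?action=xmlexport&request%43ontext=1 HTTP/1.1" 200 4100
203.0.113.9 - - [18/Jan/2023:10:02:00 +0000] "GET /app?action=browse&requestContext=1 HTTP/1.1" 200 300
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def carries_request_context(target):
    """True if the request selects xmlexport and also sends requestContext."""
    # parse_qsl percent-decodes names and values, so encoded spellings match.
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # Case-insensitive comparison is a deliberately lenient assumption.
    names = {name.lower() for name, _ in pairs}
    values = {value.lower() for _, value in pairs}
    # Any key may carry the action name, so match on the value "xmlexport".
    return "requestcontext" in names and "xmlexport" in values


def scan(log_text):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and carries_request_context(match.group("target")):
            hits.append((line.split()[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print(f"review: {client} requested {target}")
```

Access logs normally record only the query string, so a requestContext value sent in a POST body would need to be checked in WAF or application-level logs instead.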

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2022-45925

Affected Products: Opentext Content Suite Platform