PT-2023-14800 · Opentext · Opentext Content Suite Platform
Armin Stock
·
Published
2023-01-18
·
Updated
2025-04-04
·
CVE-2022-45927
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenText Content Suite Platform version 22.1 (16.2.19.1803)
Description
An issue in the Java application server allows bypassing authentication of QDS endpoints in the Content Server. These endpoints can be exploited to create objects and execute arbitrary code.
Recommendations
For OpenText Content Suite Platform version 22.1 (16.2.19.1803), consider restricting access to the QDS endpoints of the Content Server until a patch is available. As a temporary workaround, disabling the Java application server or limiting its functionality may help minimize the risk of exploitation.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Content Suite Platform