PT-2023-14801 · Opentext · Opentext Content Suite Platform

Armin Stock · Published 2023-01-18 · Updated 2025-04-04 · CVE-2022-45928

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenText Content Suite Platform version 16.2.19.1803

Description

A remote OScript execution issue was discovered, allowing an attacker to execute OScript code by passing the htmlFile parameter through multiple endpoints. The Content Server evaluates and executes OScript code in HTML files, enabling the attacker to manipulate files on the filesystem, create new network connections, or execute OS commands.

Recommendations

For OpenText Content Suite Platform version 16.2.19.1803, consider restricting access to the htmlFile parameter in the affected API endpoints until a patch is available. As a temporary workaround, disabling the execution of OScript code in HTML files could minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2022-45928

Affected Products

Opentext Content Suite Platform