PT-2025-17436 · Opentext · Opentext Content Server
Hussein Bahmad · Published 2025-04-21 · Updated 2025-04-21
CVE-2024-12862
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
OpenText Content Server versions 20.2 through 24.4
Description
An Incorrect Authorization vulnerability in the OpenText Content Server REST API allows users without the appropriate permissions to remove external collaborators.
Recommendations
For versions 20.2 through 24.4, consider restricting access to the REST API until a patch is available.
As a temporary workaround, limit the ability of users to remove external collaborators to minimize the risk of exploitation.
Avoid using the API for collaborator management until the issue is resolved.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Content Server