Описание
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 21.1 (включая) до 22.1 (включая)
cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02086
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-287
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
EPSS
Процентиль: 84%
0.02086
Низкий
8.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-287