CVE-2022-45924

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.

Ссылки

http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14
Exploit
Mailing List
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14
Exploit
Mailing List
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

Версия от 20.4 (включая) до 22.3 (включая)

EPSS

Процентиль: 79%

0.01233

Низкий

8.1 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-276

Связанные уязвимости

GHSA-5fcm-cpg2-2p27