Описание
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 16.2.2 (включая) до 22.3 (включая)
cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02337
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-200
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
EPSS
Процентиль: 84%
0.02337
Низкий
7.5 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-200