CVE-2022-45926

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.

Ссылки

http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14
Exploit
Mailing List
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14
Exploit
Mailing List
Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

Версия от 20.4 (включая) до 22.3 (включая)

EPSS

Процентиль: 84%

0.02276

Низкий

8.8 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-9pwg-jcxf-3vjr