CVE-2022-45925 - OpenCVE

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Opentext	Opentext Extended Ecm

Configuration 1 [-]

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2023/Jan/14	Exploit Mailing List Third Party Advisory
https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-18T00:00:00

Updated: 2023-01-20T00:00:00

Reserved: 2022-11-27T00:00:00

Link: CVE-2022-45925

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-01-18T21:15:10.897

Modified: 2023-01-26T19:11:47.677

Link: CVE-2022-45925

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F8742DC-4070-41D4-A5FE-B0B5A3675FE6", "versionEndIncluding": "22.3", "versionStartIncluding": "16.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). La acci\u00f3n xmlexport acepta el par\u00e1metro requestContext. Si este par\u00e1metro est\u00e1 presente, la respuesta incluye la mayor\u00eda de los encabezados HTTP enviados al servidor y algunas de las variables CGI como remote_adde y server_name, que es una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2022-45925", "lastModified": "2023-01-26T19:11:47.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-18T21:15:10.897", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jan/14"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}