Vulnerability Description
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Opentext Extended Ecm | >= 16.2.2, <= 22.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-DeleExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2023/Jan/14ExploitMailing ListThird Party Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-ExploitThird Party Advisory
- http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-DeleExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2023/Jan/14ExploitMailing ListThird Party Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-ExploitThird Party Advisory
FAQ
What is CVE-2022-45925?
CVE-2022-45925 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of t...
How severe is CVE-2022-45925?
CVE-2022-45925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45925?
Check the references section above for vendor advisories and patch information. Affected products include: Opentext Opentext Extended Ecm.