January 23 2023

The OpenText Enterprise Content Management (ECM) system

The OpenText Enterprise Content Management (ECM) system is affected by multiple vulnerabilities, including critical unauthenticated remote code execution (RCE).

OpenText Extended ECM is an enterprise CMS platform that provides content management and integration with leading enterprise applications such as SAP, Microsoft 365, Salesforce and SAP SuccessFactors.

The OpenText Extended ECM vulnerabilities were discovered by researcher Armin Stock of SEC Consult.

The problems mainly affect the Content Server and are described in three different bulletins.

According to SEC Consult, OpenText was informed about the vulnerabilities in October 2022, and the vendor released version 22.4 with the necessary fixes in January 2023.

One of the critical vulnerabilities, CVE-2022-45923, may allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.

The second critical vulnerability, CVE-2022-45927, affects the external interface of the Java component of the OpenText Content Server and may allow an attacker to bypass authentication.

Exploitation may eventually lead to remote code execution.

The other vulnerabilities discovered by SEC Consult (CVE-2022-45922, CVE-2022-45924, CVE-2022-45925, CVE-2022-45926 and CVE-2022-45928) can be exploited by authenticated attackers.

All of them are assessed as serious and can be used to delete arbitrary files on the server, elevate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks and execute arbitrary code.

PoCs are available for all of the issues except the critical flaws, which have been withheld to prevent possible malicious use.

Publication information:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:44
  • Publication category(s): Information security