The OpenText Enterprise Content Management (ECM) system is subject to a variety of vulnerabilities, including critical RCE without authentication.
OpenText Extended ECM is an enterprise CMS platform that implements management and integration with leading enterprise applications such as SAP, Microsoft 365, Salesforce and SAP SuccessFactors.
OpenText Extended ECM vulnerabilities were discovered by researcher Armin Stock from Sec Consult.
The problems mainly affect the Content Server and are described in three different bulletins.
According to Sec Consult, OpenText was informed about the vulnerabilities in October 2022, after which the developer managed to release version 22.4 with the necessary fixes in January 2023.
One of the critical vulnerabilities of CVE-2022-45923 may allow an unauthorized attacker to execute arbitrary code using specially created requests.
The second critical CVE-2022-45927 affects the external interface of the Java component of the OpenText Content Server and may allow an attacker to bypass authentication.
Exploitation may eventually lead to remote code execution.
Other vulnerabilities discovered by Sec Consult (CVE-2022-45922, CVE-2022-45924, CVE-2022-45925, CVE-2022-45926 and CVE-2022-45928) can be exploited by authenticated attackers.
All of them are assessed as serious and can be used to delete arbitrary files on the server, elevate privileges, obtain potentially valuable information, launch server-side request forgery attacks (SSRF) and execute arbitrary code.
PoC is available for all problems, except for critical flaws, to prevent their possible malicious use.