Vulnerabilities

CVE-2022-45922

by Fred · 18/01/2023

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Date published : 2023-01-18

http://seclists.org/fulldisclosure/2023/Jan/14

http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html

Similar

Tags: Cybersecurity Alert