{"id":16630,"date":"2023-01-24T10:32:17","date_gmt":"2023-01-24T09:32:17","guid":{"rendered":"https:\/\/www.show.it\/critical-vulnerabilities-patched-in-opentext-enterprise-content-management-system-2\/"},"modified":"2023-01-24T10:32:17","modified_gmt":"2023-01-24T09:32:17","slug":"critical-vulnerabilities-patched-in-opentext-enterprise-content-management-system-2","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/critical-vulnerabilities-patched-in-opentext-enterprise-content-management-system-2\/","title":{"rendered":"Critical Vulnerabilities Patched in OpenText Enterprise Content Management System"},"content":{"rendered":"

Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText\u2019s enterprise content management (ECM) product.<\/strong><\/p>\n

The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText\u2019s Extended ECM, which is designed for managing the distribution and use of information across an organization. Specifically, the flaws impact the product\u2019s Content Server component.<\/p>\n

The security firm this week published three different advisories describing its findings.<\/p>\n

OpenText was informed about the vulnerabilities in October 2022 and patched them earlier this month with the release of version 22.4, according to Sec Consult.<\/p>\n

One of the critical vulnerabilities, tracked as\u00a0CVE-2022-45923<\/a>, can allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.<\/p>\n

The second critical flaw,\u00a0CVE-2022-45927<\/a>, impacts the Java Frontend of the OpenText Content Server component and can allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution.<\/p>\n

Sec Consult has also identified\u00a0five types of vulnerabilities<\/a>\u00a0in the Content Server component that can be exploited by authenticated attackers.<\/p>\n

These issues, rated \u2018high impact\u2019, can be exploited to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.<\/p>\n

Proof-of-concept (PoC) code is available for the high-impact issues, but the advisories describing the critical flaws do not include PoC code in an effort to prevent malicious exploitation.<\/p>\n

Related:\u00a0<\/strong>Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms<\/a><\/p>\n

Related:\u00a0<\/strong>InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes<\/a><\/p>\n

Related:\u00a0<\/strong>OpenText Acquires Email Security Firm Zix for $860 Million<\/a><\/p>\n

The post Critical Vulnerabilities Patched in OpenText Enterprise Content Management System<\/a> appeared first on SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText\u2019s enterprise content management (ECM) product. The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText\u2019s Extended ECM, which is designed for managing the distribution and use of information […]<\/p>\n","protected":false},"author":2,"featured_media":16631,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[29,71,23],"tags":[],"class_list":["post-16630","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-security","category-funding-ma","category-vulnerabilities"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16630"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16630\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16631"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}