CVE-2022-41221

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:archive_center_administration:*:*:*:*:*:*:*:*

History

01 Jun 2023, 15:38

Type Values Removed Values Added
CWE CWE-611
References (MISC) https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability - (MISC) https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability - Exploit, Third Party Advisory
CPE cpe:2.3:a:opentext:archive_center_administration:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

24 May 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-24 21:15

Updated : 2024-02-04 23:37


NVD link : CVE-2022-41221

Mitre link : CVE-2022-41221

CVE.ORG link : CVE-2022-41221


JSON object : View

Products Affected

opentext

  • archive_center_administration
CWE
CWE-611

Improper Restriction of XML External Entity Reference