CVE-2022-45925

{"id": "CVE-2022-45925", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T21:15:10.897", "references": [{"url": "http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2023/Jan/14", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2023/Jan/14", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). La acci\u00f3n xmlexport acepta el par\u00e1metro requestContext. Si este par\u00e1metro est\u00e1 presente, la respuesta incluye la mayor\u00eda de los encabezados HTTP enviados al servidor y algunas de las variables CGI como remote_adde y server_name, que es una divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-04-04T18:15:43.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F8742DC-4070-41D4-A5FE-B0B5A3675FE6", "versionEndIncluding": "22.3", "versionStartIncluding": "16.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}