cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-45922,https://securityvulnerability.io/vulnerability/CVE-2022-45922,Post-Authentication Vulnerability in OpenText Content Suite Platform by OpenText,"A security flaw was identified in OpenText Content Suite Platform version 22.1 (16.2.19.1803), where the ll.KeepAliveSession request handler improperly sets a valid AdminPwd cookie without requiring the correct Web Admin password. This oversight can lead to unauthorized access to sensitive endpoints that are intended to only be accessible with valid AdminPwd credentials, thus posing a significant security threat.",Opentext,Opentext Extended Ecm,8.8,HIGH,0.005710000172257423,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45923,https://securityvulnerability.io/vulnerability/CVE-2022-45923,Remote Code Execution Vulnerability in OpenText Content Suite Platform,"A vulnerability in the OpenText Content Suite Platform allows an attacker to manipulate memory addresses through the Common Gateway Interface (CGI) program cs.exe. By incrementing or decrementing a memory address by 1, an attacker can exploit this flaw to execute arbitrary code. This poses significant security risks as it may lead to unauthorized access and control over affected systems.",Opentext,Opentext Extended Ecm,8.8,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45924,https://securityvulnerability.io/vulnerability/CVE-2022-45924,File Deletion Vulnerability in OpenText Content Suite Platform,"A vulnerability exists in the OpenText Content Suite Platform 22.1 (16.2.19.1803) where a low-privilege user can exploit the itemtemplate.createtemplate2 endpoint to delete arbitrary files on the server's local filesystem. This poses significant risks, allowing unauthorized file manipulation, which could lead to data loss or system compromise.",Opentext,Opentext Extended Ecm,8.1,HIGH,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45925,https://securityvulnerability.io/vulnerability/CVE-2022-45925,Information Disclosure in OpenText Content Suite Platform,"An issue in OpenText Content Suite Platform 22.1 allows unauthorized information disclosure through the 'xmlexport' action. When the 'requestContext' parameter is included in requests, the application inadvertently reveals various HTTP headers and sensitive CGI variables such as 'remote_addr' and 'server_name'. This could potentially expose critical server information to an attacker, leading to further security risks.",Opentext,Opentext Extended Ecm,7.5,HIGH,0.002839999971911311,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45926,https://securityvulnerability.io/vulnerability/CVE-2022-45926,Web Reporting Issue in OpenText Content Suite Platform by OpenText,"A security issue was identified in OpenText Content Suite Platform 22.1, where a low-privilege user could exploit the 'notify.localizeEmailTemplate' endpoint to access and evaluate web reports. This flaw presents a potential risk for unauthorized data exposure, necessitating immediate attention to secure the application.",Opentext,Opentext Extended Ecm,8.8,HIGH,0.005710000172257423,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45927,https://securityvulnerability.io/vulnerability/CVE-2022-45927,Authentication Bypass Vulnerability in OpenText Content Suite Platform,"A vulnerability exists in OpenText Content Suite Platform 22.1 where the Java application server enables an attacker to bypass authentication on QDS endpoints. This flaw allows unauthorized creation of objects and execution of arbitrary code, potentially compromising the integrity and security of the system.",Opentext,Opentext Extended Ecm,8.8,HIGH,0.005489999894052744,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0
CVE-2022-45928,https://securityvulnerability.io/vulnerability/CVE-2022-45928,Remote Code Execution Vulnerability in OpenText Content Suite Platform,"A vulnerability in the OpenText Content Suite Platform enables remote OScript code execution via multiple endpoints that allow the injection of the 'htmlFile' parameter. This parameter is processed within the HTML output rendering pipeline, leading to evaluations and executions of OScript code contained in HTML files. As a result, an attacker could manipulate files on the filesystem, establish new network connections, or run operating system commands, escalating the risk of extensive damage to the platform and its underlying infrastructure.",Opentext,Opentext Extended Ecm,8.8,HIGH,0.0047599999234080315,false,,false,false,false,,,false,false,,2023-01-18T00:00:00.000Z,0