Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.
The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed for managing the distribution and use of information across an organization. Specifically, the flaws impact the product’s Content Server component.
The security firm this week published three different advisories describing its findings.
OpenText was informed about the vulnerabilities in October 2022 and patched them earlier this month with the release of version 22.4, according to Sec Consult.
One of the critical vulnerabilities, tracked as CVE-2022-45923, can allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.
The second critical flaw, CVE-2022-45927, impacts the Java Frontend of the OpenText Content Server component and can allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution.
Sec Consult has also identified five types of vulnerabilities in the Content Server component that can be exploited by authenticated attackers.
These issues, rated ‘high impact’, can be exploited to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.
Proof-of-concept (PoC) code is available for the high-impact issues, but the advisories describing the critical flaws do not include PoC code in an effort to prevent malicious exploitation.