CVE-2022-45925
First published: Wed Jan 18 2023(Updated: )
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opentext Opentext Extended Ecm | >=16.2.2<=22.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-45925?
The severity of CVE-2022-45925 is high with a CVSS score of 7.5.
How can I fix CVE-2022-45925?
To mitigate CVE-2022-45925, it is recommended to update to a patched version provided by OpenText Content Suite Platform.
What is the impact of CVE-2022-45925?
CVE-2022-45925 allows an attacker to obtain sensitive information including HTTP headers and CGI variables, potentially leading to further exploitation.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/opentext
- canonical/opentext opentext extended ecm
- version/opentext opentext extended ecm/16.2.2
- version/opentext opentext extended ecm/22.3