The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.
References
| Link | Resource |
|---|---|
| https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability | Exploit Third Party Advisory |
| https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:22
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability - Exploit, Third Party Advisory |
01 Jun 2023, 15:38
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Opentext
Opentext archive Center Administration |
|
| CWE | CWE-611 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
| CPE | cpe:2.3:a:opentext:archive_center_administration:*:*:*:*:*:*:*:* | |
| References | (MISC) https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability - Exploit, Third Party Advisory |
Information
Published : 2023-05-24 21:15
Updated : 2024-11-21 07:22
NVD link : CVE-2022-41221
Mitre link : CVE-2022-41221
CVE.ORG link : CVE-2022-41221
JSON object : View
Products Affected
opentext
- archive_center_administration
CWE
CWE-611
Improper Restriction of XML External Entity Reference