CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:29

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en OpenText Content Suite Platform 22.1 (16.2.19.1803). El programa cs.exe de Common Gateway Interface (CGI) permite a un atacante aumentar/disminuir una dirección de memoria arbitraria en 1 y activar una llamada a un método de vftable con un valor de puntero de vftable elegido por el atacante.
References () http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2023/Jan/10 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2023/Jan/10 - Exploit, Mailing List, Third Party Advisory
References () https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/ - Exploit, Third Party Advisory () https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/ - Exploit, Third Party Advisory

Information

Published : 2023-01-18 22:15

Updated : 2024-11-21 07:29


NVD link : CVE-2022-45923

Mitre link : CVE-2022-45923

CVE.ORG link : CVE-2022-45923


JSON object : View

Products Affected

opentext

  • opentext_extended_ecm
CWE
CWE-502

Deserialization of Untrusted Data