Opentext Extended Ecm
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Opentext Extended Ecm.
By the Year
In 2026 there have been 0 vulnerabilities in Opentext Extended Ecm. Opentext Extended Ecm did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 7 | 8.51 |
It may take a day or so for new Opentext Extended Ecm vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opentext Extended Ecm Security Vulnerabilities
OpenText Content Suite Platform 22.1: QDS Auth Bypass via Java App Server
CVE-2022-45927
8.8 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
Insecure Direct Object Reference / IDOR
OpenText Content Suite 22.1 (16.2.19.1803) cs.exe Exploitable Memory Manipulation
CVE-2022-45923
8.8 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
Marshaling, Unmarshaling
OpenText Content Suite 22.1 Remote OScript RCE via htmlFile param
CVE-2022-45928
8.8 - High
- January 18, 2023
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.
OpenText CMS 22.1: Low-Priv eval webreports via notify.localizeEmailTemplate
CVE-2022-45926
8.8 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
SSRF
OpenText Content Suite Platform 22.1: XML Export requestContext Disclosure
CVE-2022-45925
7.5 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
OpenText Content Suite 22.1: Low-Priv File Delete itemtemplate.createtemplate2
CVE-2022-45924
8.1 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
OpenText Content Suite 22.1 AdminPwd Cookie Bypass via KeepAliveSession
CVE-2022-45922
8.8 - High
- January 18, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Opentext Extended Ecm or by Opentext? Click the Watch button to subscribe.
