GCVE - cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:opentext:opentext_extended_ecm:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Opentext (`5717091c-f148-5db6-be32-940ef0cdacf9`)
Product	Opentext Extended Ecm (`ca6f3142-6ab6-5b9d-8274-0657597d4dcf`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/googlegsa/opentext`	purl2cpe	2026-06-01 10:11:06.257121

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-45928`	vulnerable	2026-06-03 14:48:25.131160	Details available A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T16:56:17.945Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/14 http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45927`	vulnerable	2026-06-03 14:48:25.130789	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:02:10.776Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-via-java-frontend-qds-endpoint-opentext-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/13 http://packetstormsecurity.com/files/170614/OpenText-Extended-ECM-22.3-Java-Frontend-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45926`	vulnerable	2026-06-03 14:48:25.130435	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:07:34.104Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/14 http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45925`	vulnerable	2026-06-03 14:48:25.130066	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:21:43.301Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/14 http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45924`	vulnerable	2026-06-03 14:48:25.129688	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:23:01.723Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/14 http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45923`	vulnerable	2026-06-03 14:48:25.129285	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:24:06.073Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/pre-authenticated-remote-code-execution-in-csexe-opentext-server-component/ http://seclists.org/fulldisclosure/2023/Jan/10 http://packetstormsecurity.com/files/170613/OpenText-Extended-ECM-22.3-cs.exe-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45922`	vulnerable	2026-06-03 14:48:25.128798	Details available An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-04T17:25:16.949Z Open on db.gcve.eu Reference links https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/ http://seclists.org/fulldisclosure/2023/Jan/14 http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.