OpenText Content Suite Platform 22.1 (16.2.19.1803) AdminPwd Cookie Bypass Vulnerability

OpenText Content Suite Platform 22.1 (16.2.19.1803) AdminPwd Cookie Bypass Vulnerability

CVE-2022-45922 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Learn more about our Web App Pen Testing.