Arbitrary Memory Address Manipulation and Virtual Function Table Exploitation in OpenText Content Suite Platform 22.1

CVE-2022-45923 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
