Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41221

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.

Published

2023-05-24T21:15:10.870

Last Modified

2025-01-17T16:15:28.683

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-611
Type: Secondary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opentext	archive_center_administration	≤ 21.2	Yes

References

https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability Exploit, Third Party Advisory ([email protected])
https://labs.withsecure.com/advisories/opentext-archive-center-administration-client-xxe-vulnerability Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)