{"uuid": "2c27c6b2-9420-48c3-991a-0177dbfaad85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45922", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10506", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45922\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.\n\ud83d\udccf Published: 2023-01-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-04T17:25:16.949Z\n\ud83d\udd17 References:\n1. https://sec-consult.com/vulnerability-lab/advisory/multiple-post-authentication-vulnerabilities-including-rce-opentexttm-extended-ecm/\n2. http://seclists.org/fulldisclosure/2023/Jan/14\n3. http://packetstormsecurity.com/files/170615/OpenText-Extended-ECM-22.3-File-Deletion-LFI-Privilege-Escsalation.html", "creation_timestamp": "2025-04-04T17:36:09.000000Z"}