← back
CVE-2024-12862

REST API allows users without permissions to remove external collaborators

CVSS 5.5 MEDIUMEPSS 0.2%CWE-863
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
21 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4.
CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
Affected products
OpenText · Content Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115