CVE-2022-45924 in Content Suite Platform
Summary
by MITRE • 01/19/2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Analysis
by VulDB Data Team • 04/05/2025
CVE-2022-45924 affects OpenText Content Suite Platform version 22.1, specifically the itemtemplate.createtemplate2 endpoint. It is a critical path traversal and arbitrary file deletion flaw that undermines the system's file access controls and integrity mechanisms. Because it sits in the core content management infrastructure, it potentially exposes organizations to unauthorized data destruction and system compromise.
The flaw stems from inadequate input validation and sanitization within the createtemplate2 endpoint, which processes template creation requests. The endpoint does not properly validate or sanitize the user-supplied parameters that determine file operations, so a low-privilege authenticated user can manipulate file paths through the API and specify arbitrary file locations for deletion. The flaw operates at the file system level, bypassing normal access control mechanisms and permitting deletion of files outside the intended template management scope.
The operational impact is severe for enterprise environments that rely on OpenText Content Suite Platform. A compromised low-privilege user could potentially delete critical system files, configuration data, or business-critical documents stored on the server. Attackers can use this to disrupt content management operations, potentially causing complete service outages or data loss. Exploitation does not require elevated privileges, which makes the flaw particularly dangerous: it can be used by insiders or by attackers who have gained only minimal access to the system. Organizations may also experience cascading effects, including compliance violations, regulatory penalties, and business continuity disruptions.
Mitigation for CVE-2022-45924 should prioritize immediate patching of the OpenText Content Suite Platform to version 22.2 or later, which contains the necessary security fixes. Organizations should implement network segmentation and access controls so that the vulnerable endpoint is exposed only to authorized administrative users. Least privilege must be enforced through strict API access controls, ensuring that the createtemplate2 endpoint requires elevated authentication and authorization levels. Organizations should also conduct comprehensive file system audits to identify any damage from exploitation attempts, and implement enhanced monitoring of file system access patterns for anomalous deletion activity.
The vulnerability aligns with CWE-22 Path Traversal and CWE-772 Missing Release of Resource, while the attack vector corresponds to techniques described in the MITRE ATT&CK framework under T1059 Command and Scripting Interpreter and T1486 Data Encrypted for Impact, representing a critical threat to enterprise data integrity and availability.
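The access restriction and monitoring recommended above can be checked against web server access logs. The following is an added example, not OpenText or VulDB code: it flags calls to itemtemplate.createtemplate2 that come from non-administrative accounts or carry path-like parameter values. The log layout, the func= query parameter, the /OTCS/cs.exe path, the parameter name p1 and the account names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "itemtemplate.createtemplate2"  # endpoint named in the advisory

# Values that look like filesystem paths escaping a relative location:
# "../" or "..\" anywhere, a leading slash/backslash, or a drive letter.
PATH_LIKE = re.compile(r"\.\.[\\/]|^[\\/]|^[A-Za-z]:[\\/]")

# Assumed access-log layout: ip ident user [time] "METHOD url PROTO" status
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def review(lines, admins=frozenset()):
    """Return (time, user, ip, reasons) for each endpoint call worth triage."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # parse_qsl percent-decodes, so %2e%2e%2f is checked as "../"
        params = parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True)
        if not any(k.lower() == "func" and v.lower() == ENDPOINT for k, v in params):
            continue
        reasons = []
        if m["user"] not in admins:
            reasons.append("non-admin caller")
        reasons += [f"path-like value in '{k}'" for k, v in params if PATH_LIKE.search(v)]
        if reasons:
            findings.append((m["ts"], m["user"], m["ip"], reasons))
    return findings

# Constructed sample lines; "p1" is a hypothetical parameter name.
SAMPLE = [
    '10.0.0.5 - alice [19/Jan/2023:10:00:00 +0000] "GET /OTCS/cs.exe?func=itemtemplate.createtemplate2&p1=report HTTP/1.1" 200 512',
    '10.0.0.9 - admin1 [19/Jan/2023:10:05:00 +0000] "GET /OTCS/cs.exe?func=itemtemplate.createtemplate2&p1=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 128',
    '10.0.0.7 - bob [19/Jan/2023:10:06:00 +0000] "GET /OTCS/cs.exe?func=ll&objId=2000 HTTP/1.1" 200 900',
    '10.0.0.9 - admin1 [19/Jan/2023:10:07:00 +0000] "GET /OTCS/cs.exe?func=itemtemplate.createtemplate2&p1=report HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for ts, user, ip, reasons in review(SAMPLE, admins={"admin1"}):
        print(ts, user, ip, "; ".join(reasons))
```

Access logs do not record POST bodies, so for POST requests only the caller check can fire; pair this with file system auditing of deletions on the server itself.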