CVE-2022-45928 in Content Suite Platform
Summary
by MITRE • 01/19/2023
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes OScript code in HTML files, it is possible for an attacker to execute OScript code. The OScript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands.
Analysis
by VulDB Data Team • 04/05/2025
The vulnerability identified as CVE-2022-45928 represents a critical remote code execution flaw within OpenText Content Suite Platform version 22.1, specifically affecting build 16.2.19.1803. This issue stems from improper input validation and sanitization within the platform's HTML output rendering pipeline, creating a dangerous attack surface that allows remote adversaries to execute arbitrary OScript code on the affected system. The vulnerability manifests through multiple endpoints that accept an htmlFile parameter, which is subsequently processed through the Content Server's HTML rendering mechanism without adequate security controls.
The technical exploitation of this vulnerability occurs because OpenText Content Suite Platform evaluates and executes OScript code that is embedded within HTML files during the rendering process. This design flaw creates a direct code execution pathway where an attacker can craft malicious HTML files containing OScript commands that will be interpreted and executed by the Content Server. The OScript language provides attackers with extensive system-level capabilities including file system manipulation, network connectivity creation, and operating system command execution, making this vulnerability particularly dangerous for enterprise environments. The vulnerability aligns with CWE-94, which describes improper control of generation of code, specifically highlighting the dangerous practice of executing user-supplied code within a trusted execution environment.
From an operational perspective, this vulnerability presents a severe threat to organizations relying on OpenText Content Suite Platform, as it enables attackers to achieve full system compromise without requiring authentication or local access. The remote nature of the exploit means that adversaries can leverage this vulnerability from outside the network perimeter, potentially leading to data breaches, system takeover, and lateral movement within the organization's infrastructure. The impact extends beyond simple code execution, as the OScript capabilities allow for persistent backdoor creation, privilege escalation, and data exfiltration operations that could go undetected for extended periods.
Security mitigations for CVE-2022-45928 should prioritize immediate patching of the affected OpenText Content Suite Platform version to the latest available security releases. Organizations should implement network segmentation and access controls to limit exposure of vulnerable endpoints, particularly those accepting htmlFile parameters. Input validation and sanitization measures must be strengthened at the application level to prevent user-supplied HTML content from being processed through the OScript execution pipeline. Additionally, monitoring and logging should be enhanced to detect suspicious file uploads or unusual OScript execution patterns. The vulnerability's characteristics align with ATT&CK technique T1059.007 for OScript execution and T1190 for exploitation of remote services, making comprehensive threat hunting and incident response procedures essential for organizations that cannot immediately patch their systems.
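The monitoring recommendation above can be approximated by scanning web access logs for requests that carry the htmlFile parameter. The following is an added example, not code from OpenText, MITRE or VulDB; the log format (Common/Combined Log Format), the placeholder request path, the sample log lines and the allowed_values allowlist are all assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PARAM = "htmlfile"  # parameter named in the advisory, compared case-insensitively


def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding so a doubly encoded name is still matched."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_htmlfile_requests(lines, allowed_values=frozenset()):
    """Return one finding per request whose query string carries htmlFile.

    allowed_values is a hypothetical site-specific allowlist of values that
    are considered legitimate; every other value is marked for review.
    """
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if fully_unquote(name).lower() != PARAM:
                continue
            value = fully_unquote(value)
            findings.append({"client": m["client"], "status": int(m["status"]),
                             "value": value, "review": value not in allowed_values})
    return findings


# Constructed sample log lines; /placeholder/app is not a real endpoint.
SAMPLE_LOG = [
    '192.0.2.10 - alice [19/Jan/2023:10:00:01 +0000] "GET /placeholder/app?action=view&id=42 HTTP/1.1" 200 512',
    '192.0.2.44 - bob [19/Jan/2023:10:00:07 +0000] "GET /placeholder/app?action=x&htmlFile=upload%2Fnote.html HTTP/1.1" 200 901',
    '192.0.2.44 - bob [19/Jan/2023:10:00:09 +0000] "GET /placeholder/app?action=x&HTML%2546ILE=report.html HTTP/1.1" 200 880',
]
```

Access logs normally record only the query string, so a parameter sent in a POST body needs application-level or proxy logging to be visible to this kind of check.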