CRITICAL🇵🇱 Wersja polska

CVE-2022-35898

CVSS 9.8v3.1pub. 2023-05-01upd. 2025-01-30

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Opentext Bizmanager

    APP
    Opentext
    < 16.6.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-5802CRITICAL9.8ten sam vendor

A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was fou...

CVE-2017-14759CRITICAL9.8ten sam vendor

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versio...

CVE-2017-5586CRITICAL9.8ten sam vendor

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands ...

CVE-2016-2002CRITICAL9.8ten sam vendor

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1....

CVE-2026-3278HIGH7.4ten sam vendor

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText...