On April 30, OpenText released a security alert regarding nine critical vulnerabilities found in its Enterprise Content Management System (ECM). OpenText is a software vendor based in Waterloo, Canada, providing enterprise solutions for content, search, collaboration and document management. The vulnerabilities found in the Enterprise Content Management System have the potential to cause system malfunction and expose sensitive information of OpenText customers.
The nine critical vulnerabilities can be categorized into four main issues: open text risk, cross-origin request forgery, unrestricted file upload, and security misconfiguration. All nine vulnerabilities have been assigned a CVSS base score of 9.8, the highest severity rating, meaning that attacks exploiting these security flaws can have a devastating impact. This is why OpenText has urged all customers running OpenText ECM to apply the patches as soon as possible.
The security patches include fixes that prevent unauthorized access to sensitive data by blocking cross-origin request forgery, an attack technique commonly used by hackers to take control of web applications. OpenText has also provided measures for preventing unrestricted file upload, which could allow attackers to upload malicious files to the system. Furthermore, the security patches are intended to mitigate security misconfiguration, which can occur due to a lack of awareness or a failure to correctly configure system settings.
In addition to the security patches, OpenText has also released an advisory containing content security best practices that organizations should implement. These practices include regularly updating systems, patching security vulnerabilities as soon as they are discovered, and hardening the security of networks to prevent malicious exploitation.
OpenText is committed to providing the highest levels of security for its customers. As such, when critical vulnerabilities are discovered, they are patched quickly and effectively to ensure that the data of OpenText customers remains safe.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000