OpenText Content Server
cpe:2.3:a:opentext:content_server:*:*:*:*:*:*:*
- >= 23.2, <= 25.1
A vulnerability has been identified in the OpenText Content Server REST API, affecting both Windows and Linux platforms. This incorrect authorization issue allows users without the necessary permissions to remove external collaborators. The vulnerability impacts OpenText Content Server versions 20.2 through 24.4.
Exploitation of this vulnerability could enable an authenticated user with a valid API token to delete external users from a node without having the appropriate permissions.
Hotfixes are available for the affected versions of OpenText Content Management for Engineering. This issue is resolved in version 25.2 and subsequent releases. For versions 23.2 to 24.4, hotfixes can be downloaded from the OpenText Support Portal.