Featured News
Critical Vulnerabilities in OT Enterprise Content Management System
Two critical pre-authentication vulnerabilities were discovered in the OpenText Extended ECM content management system, potentially allowing an attacker to gain remote code execution on vulnerable servers. Both vulnerabilities are fixed in version 22.4, which OpenText released last week; researchers at SEC Consult discovered the vulnerabilities and disclosed them to OpenText back in October.
One of the critical vulnerabilities could allow an unauthenticated attacker to execute arbitrary code using specially crafted requests, while the second critical flaw could allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution. SEC Consult also identified five types of vulnerabilities in the Content Server component that authenticated attackers can exploit to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.
Metro Vancouver document leak allegedly perpetrated by disgruntled former contractors
Part of the confidential information that formed the basis for terminating Spain-based Acciona’s contract to oversee an over-budget $1-billion water treatment project was allegedly shared with some members of the company by former employee Anika Calder, the daughter of Coquitlam’s city manager Peter Steblin. Court filings say that Steblin used the password and sign-in information for Coquitlam’s current mayor to access the confidential information in January 2022. Acciona is currently engaged in a $250-million lawsuit claiming wrongful termination of its contract in North Vancouver, while Metro has launched a countersuit alleging breaches of contract, misrepresentations, negligence, and bad faith that will cause damages of more than $500 million.
Recent document leaks in the news