N/A

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation.

N/A

N/A

OpenText Brava! 授权问题漏洞

OpenText Brava!是加拿大OpenText公司的一款基于浏览器的通用文档查看器。该产品支持查看、注释和编辑多种类型的文档。 OpenText Brava! Enterprise和Brava! Server 7.5版本至16.4版本中存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。

N/A

N/A