Enterprise content management (ECM) software from OpenText has been found to include a number of vulnerabilities that have been rated as serious and high impact, including several that permit unauthenticated remote code execution. A researcher at the cybersecurity firm Sec Consult identified the flaws in OpenText’s Extended ECM, which controls how information is shared and used inside an enterprise. The Content Server component of the product is specifically affected by the issues. One of the major flaws, identified as CVE-2022-45923, can let an unauthenticated attacker use specially crafted requests to execute arbitrary code. The second serious weakness, CVE-2022-45927, affects the OpenText Content Server component’s Java Frontend and enables an attacker to forego authentication. Remote code execution can eventually result from exploitation.