VYPR

Vendor: Opentext

Products: 53
CVEs: 158
Across products: 148
Status: Private

Recent CVEs

  • CVE-2017-5586 | Cri | Feb 22, 2017
    risk 0.69 | cvss 9.8 | epss 0.23

    OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.

  • CVE-2024-12799 | Cri | Mar 5, 2025
    risk 0.65 | cvss | epss 0.00

    Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload.…

  • CVE-2024-1148 | Cri | Mar 21, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.

  • CVE-2024-1811 | Cri | Mar 20, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2017-14759 | Cri | Oct 3, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is…

  • CVE-2016-2002 | Cri | Apr 20, 2016
    risk 0.64 | cvss 9.8 | epss 0.03

    The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

  • CVE-2025-15579 | Cri | Feb 18, 2026
    risk 0.62 | cvss | epss 0.00

    Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1…

  • CVE-2024-10865 | Cri | May 14, 2025
    risk 0.61 | cvss | epss 0.00

    Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.

  • CVE-2025-3476 | Cri | May 7, 2025
    risk 0.61 | cvss | epss 0.00

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authenticated users. This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.

  • CVE-2017-15276 | Hig | Oct 13, 2017
    risk 0.61 | cvss 8.8 | epss 0.09

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR…

  • CVE-2017-15013 | Hig | Oct 13, 2017
    risk 0.61 | cvss 8.8 | epss 0.07

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are…

  • CVE-2017-15012 | Hig | Oct 13, 2017
    risk 0.61 | cvss 8.8 | epss 0.08

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the…

  • CVE-2017-7221 | Hig | Apr 25, 2017
    risk 0.61 | cvss 8.8 | epss 0.04

    OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created…

  • CVE-2017-14758 | Hig | Oct 3, 2017
    risk 0.60 | cvss 8.8 | epss 0.03

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an…

  • CVE-2017-14757 | Hig | Oct 3, 2017
    risk 0.60 | cvss 8.8 | epss 0.02

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to…

  • CVE-2024-5201 | Hig | May 23, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privilege to the privilege of another user via HTTP Request.

  • CVE-2024-2835 | Hig | May 20, 2024
    risk 0.57 | cvss 8.7 | epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2017-14527 | Hig | Sep 28, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a…

  • CVE-2017-14526 | Hig | Sep 28, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user…

  • CVE-2017-7220 | Hig | Apr 21, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an…