OpenText

All CVEs

158 total · sorted by risk
  • CVE-2017-5586 · Critical · Feb 22, 2017
    risk 0.69 · cvss 9.8 · epss 0.23

    OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.

  • CVE-2024-12799 · Critical · Mar 5, 2025
    risk 0.65 · cvss n/a · epss 0.00

    Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain a higher-privileged user’s sensitive information via a crafted payload.…

  • CVE-2024-1148 · Critical · Mar 21, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.

  • CVE-2024-1811 · Critical · Mar 20, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2017-14759 · Critical · Oct 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is…

  • CVE-2016-2002 · Critical · Apr 20, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.

  • CVE-2025-15579 · Critical · Feb 18, 2026
    risk 0.62 · cvss n/a · epss 0.00

    Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1…

  • CVE-2024-10865 · Critical · May 14, 2025
    risk 0.61 · cvss n/a · epss 0.00

    Improper input validation leads to a cross-site scripting (XSS) vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.

  • CVE-2025-3476 · Critical · May 7, 2025
    risk 0.61 · cvss n/a · epss 0.00

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authenticated users. This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.

  • CVE-2017-15276 · High · Oct 13, 2017
    risk 0.61 · cvss 8.8 · epss 0.09

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR…

  • CVE-2017-15013 · High · Oct 13, 2017
    risk 0.61 · cvss 8.8 · epss 0.07

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are…

  • CVE-2017-15012 · High · Oct 13, 2017
    risk 0.61 · cvss 8.8 · epss 0.08

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the…

  • CVE-2017-7221 · High · Apr 25, 2017
    risk 0.61 · cvss 8.8 · epss 0.04

    OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created…

  • CVE-2017-14758 · High · Oct 3, 2017
    risk 0.60 · cvss 8.8 · epss 0.03

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an…

  • CVE-2017-14757 · High · Oct 3, 2017
    risk 0.60 · cvss 8.8 · epss 0.02

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to…

  • CVE-2024-5201 · High · May 23, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate their privileges to those of another user via an HTTP request.

  • CVE-2024-2835 · High · May 20, 2024
    risk 0.57 · cvss 8.7 · epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2017-14527 · High · Sep 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a…

  • CVE-2017-14526 · High · Sep 28, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user…

  • CVE-2017-7220 · High · Apr 21, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an…

  • CVE-2017-5585 · High · Feb 22, 2017
    risk 0.57 · cvss 8.8 · epss 0.02

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection…

  • CVE-2025-9120 · High · Feb 24, 2026
    risk 0.56 · cvss n/a · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe…

  • CVE-2024-7050 · High · Jul 26, 2024
    risk 0.54 · cvss n/a · epss 0.01

    Improper Authentication vulnerability in OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios. This issue affects OpenText Directory Services: 24.2.

  • CVE-2024-7085 · High · Jan 15, 2025
    risk 0.53 · cvss n/a · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This…

  • CVE-2017-14960 · High · Jan 4, 2018
    risk 0.52 · cvss 7.5 · epss 0.04

    xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

  • CVE-2025-12455 · High · Mar 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in the Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X,…

  • CVE-2024-10864 · High · May 14, 2025
    risk 0.49 · cvss n/a · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.

  • CVE-2024-4188 · High · Jul 30, 2024
    risk 0.46 · cvss n/a · epss 0.00

    Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing. This issue affects Documentum™ Server: from 16.7 through 23.4.

  • CVE-2025-3272 · Medium · May 7, 2025
    risk 0.44 · cvss n/a · epss 0.00

    Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4.

  • CVE-2023-32260 · Medium · Mar 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service…

  • CVE-2023-32259 · Medium · Mar 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X (SMAX)…

  • CVE-2017-14754 · Medium · Oct 3, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for…

  • CVE-2024-7650 · Medium · Jul 10, 2025
    risk 0.41 · cvss n/a · epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection. This issue affects Directory Services: 23.4.

  • CVE-2020-25836 · Medium · Jul 16, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    Exposure of Sensitive Information to an Unauthorized Access vulnerability in OpenText NetIQ Directory and Resource Administrator. This issue affects NetIQ Directory and Resource Administrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10.

  • CVE-2025-12454 · Medium · Mar 13, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to a Reflected XSS attack in the Vertica management console application. This issue…

  • CVE-2025-12453 · Medium · Mar 13, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to a Reflected XSS attack in the Vertica management console application. This issue…

  • CVE-2025-8616 · Medium · Aug 6, 2025
    risk 0.40 · cvss n/a · epss 0.00

    A weakness was identified in OpenText Advanced Authentication where a malicious browser plugin can record and replay the user authentication process to bypass authentication. This issue affects Advanced Authentication on or before 6.5.0.

  • CVE-2017-14756 · Medium · Oct 3, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).

  • CVE-2017-14755 · Medium · Oct 3, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.

  • CVE-2017-14525 · Medium · Sep 28, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded…

  • CVE-2017-14524 · Medium · Sep 28, 2017
    risk 0.40 · cvss 6.1 · epss 0.03

    Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded…

  • CVE-2017-8892 · Medium · May 10, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.

  • CVE-2024-12543 · Medium · Apr 21, 2025
    risk 0.38 · cvss n/a · epss 0.00

    User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes.

  • CVE-2023-32264 · Medium · Mar 8, 2024
    risk 0.38 · cvss 5.8 · epss 0.00

    CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer.

  • CVE-2024-12863 · Medium · Apr 21, 2025
    risk 0.36 · cvss n/a · epss 0.00

    Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.

  • CVE-2024-12862 · Medium · Apr 21, 2025
    risk 0.36 · cvss n/a · epss 0.00

    Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators. This issue affects Content Server: 20.2-24.4.

  • CVE-2024-8125 · Medium · Feb 4, 2025
    risk 0.35 · cvss n/a · epss 0.00

    Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code…

  • CVE-2018-7660 · Medium · Apr 11, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.

  • CVE-2018-7659 · Medium · Apr 11, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.

  • CVE-2021-22501 · Medium · Dec 19, 2024
    risk 0.34 · cvss n/a · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential information. This issue affects Operations Bridge Manager: 2017.05, 2017.11,…

Page 1 of 4