Vendor CVEs
Opentext
All CVEs
158 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-15014 | Med | 0.31 | 4.3 | 0.05 | Oct 13, 2017 | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads… | ||
| CVE-2025-2236 | Low | 0.14 | — | 0.00 | May 27, 2025 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue… | ||
| CVE-2024-12706 | Low | 0.14 | — | 0.00 | Apr 28, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects… | ||
| CVE-2020-11854 | 0.10 | — | 0.74 | Oct 27, 2020 | Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance… | |||
| CVE-2020-11853 | 0.10 | — | 0.77 | Oct 22, 2020 | Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions :… | |||
| CVE-2004-2496 | 0.04 | — | 0.09 | Dec 31, 2004 | The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | |||
| CVE-2020-11858 | 0.03 | — | 0.03 | Oct 27, 2020 | Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60,… | |||
| CVE-2003-1173 | 0.03 | — | 0.03 | Dec 31, 2003 | Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory. | |||
| CVE-2011-1741 | 0.01 | — | 0.08 | Jul 19, 2011 | Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP. | |||
| CVE-2026-11877 | 0.00 | — | 0.00 | Jun 24, 2026 | An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3. | |||
| CVE-2024-11604 | 0.00 | — | 0.00 | Mar 27, 2026 | Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver:… | |||
| CVE-2026-3278 | 0.00 | — | 0.00 | Mar 18, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions… | |||
| CVE-2026-1658 | 0.00 | — | 0.00 | Feb 19, 2026 | User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. … | |||
| CVE-2025-9208 | 0.00 | — | 0.00 | Feb 19, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is… | |||
| CVE-2025-13671 | 0.00 | — | 0.00 | Feb 19, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform… | |||
| CVE-2025-13672 | 0.00 | — | 0.00 | Feb 19, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered… | |||
| CVE-2025-8054 | 0.00 | — | 0.00 | Feb 19, 2026 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax:… | |||
| CVE-2025-8055 | 0.00 | — | 0.00 | Feb 19, 2026 | Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2. | |||
| CVE-2025-8050 | 0.00 | — | 0.00 | Oct 21, 2025 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | |||
| CVE-2025-8052 | 0.00 | — | 0.00 | Oct 20, 2025 | SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2. | |||
| CVE-2025-8048 | 0.00 | — | 0.00 | Oct 20, 2025 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue… | |||
| CVE-2025-8049 | 0.00 | — | 0.00 | Oct 20, 2025 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper:… | |||
| CVE-2025-8051 | 0.00 | — | 0.00 | Oct 20, 2025 | Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | |||
| CVE-2025-8053 | 0.00 | — | 0.00 | Oct 20, 2025 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue… | |||
| CVE-2024-9841 | 0.00 | — | 0.00 | Nov 8, 2024 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | |||
| CVE-2024-4692 | 0.00 | — | 0.00 | Oct 16, 2024 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in… | |||
| CVE-2024-4690 | 0.00 | — | 0.00 | Oct 16, 2024 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||
| CVE-2024-4211 | 0.00 | — | 0.00 | Oct 16, 2024 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText… | |||
| CVE-2024-4189 | 0.00 | — | 0.00 | Oct 16, 2024 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||
| CVE-2024-4184 | 0.00 | — | 0.00 | Oct 16, 2024 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||
| CVE-2024-6360 | 0.00 | — | 0.00 | Oct 2, 2024 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0… | |||
| CVE-2021-22518 | 0.00 | — | 0.00 | Sep 12, 2024 | A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | |||
| CVE-2022-26322 | 0.00 | — | 0.00 | Sep 12, 2024 | Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200. | |||
| CVE-2021-22509 | 0.00 | — | 0.00 | Aug 28, 2024 | A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | |||
| CVE-2021-22529 | 0.00 | — | 0.00 | Aug 28, 2024 | A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 | |||
| CVE-2021-22530 | 0.00 | — | 0.00 | Aug 28, 2024 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ… | |||
| CVE-2021-38120 | 0.00 | — | 0.01 | Aug 28, 2024 | A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | |||
| CVE-2021-38121 | 0.00 | — | 0.00 | Aug 28, 2024 | Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | |||
| CVE-2021-38122 | 0.00 | — | 0.00 | Aug 28, 2024 | A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | |||
| CVE-2023-7260 | 0.00 | — | 0.01 | Aug 22, 2024 | Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | |||
| CVE-2023-7249 | 0.00 | — | 0.01 | Aug 12, 2024 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | |||
| CVE-2024-6357 | 0.00 | — | 0.00 | Aug 6, 2024 | Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | |||
| CVE-2024-6359 | 0.00 | — | 0.00 | Aug 6, 2024 | Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | |||
| CVE-2024-6358 | 0.00 | — | 0.00 | Aug 6, 2024 | Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | |||
| CVE-2024-6361 | 0.00 | — | 0.00 | Aug 5, 2024 | Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. | |||
| CVE-2023-7248 | 0.00 | — | 0.00 | Mar 15, 2024 | Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the… | |||
| CVE-2023-38536 | 0.00 | — | 0.00 | Mar 13, 2024 | HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting. | |||
| CVE-2023-38535 | 0.00 | — | 0.00 | Mar 13, 2024 | Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys. | |||
| CVE-2023-38534 | 0.00 | — | 0.01 | Mar 13, 2024 | Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC. | |||
| CVE-2023-6123 | 0.00 | — | 0.01 | Feb 15, 2024 | Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. |
- risk 0.31cvss 4.3epss 0.05
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads…
- risk 0.14cvss —epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue…
- risk 0.14cvss —epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects…
- CVE-2020-11854Oct 27, 2020risk 0.10cvss —epss 0.74
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance…
- CVE-2020-11853Oct 22, 2020risk 0.10cvss —epss 0.77
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions :…
- CVE-2004-2496Dec 31, 2004risk 0.04cvss —epss 0.09
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
- CVE-2020-11858Oct 27, 2020risk 0.03cvss —epss 0.03
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60,…
- CVE-2003-1173Dec 31, 2003risk 0.03cvss —epss 0.03
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
- CVE-2011-1741Jul 19, 2011risk 0.01cvss —epss 0.08
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
- CVE-2026-11877Jun 24, 2026risk 0.00cvss —epss 0.00
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
- CVE-2024-11604Mar 27, 2026risk 0.00cvss —epss 0.00
Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver:…
- CVE-2026-3278Mar 18, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions…
- CVE-2026-1658Feb 19, 2026risk 0.00cvss —epss 0.00
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. …
- CVE-2025-9208Feb 19, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is…
- CVE-2025-13671Feb 19, 2026risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform…
- CVE-2025-13672Feb 19, 2026risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered…
- CVE-2025-8054Feb 19, 2026risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax:…
- CVE-2025-8055Feb 19, 2026risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.
- CVE-2025-8050Oct 21, 2025risk 0.00cvss —epss 0.00
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
- CVE-2025-8052Oct 20, 2025risk 0.00cvss —epss 0.00
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2.
- CVE-2025-8048Oct 20, 2025risk 0.00cvss —epss 0.00
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue…
- CVE-2025-8049Oct 20, 2025risk 0.00cvss —epss 0.00
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper:…
- CVE-2025-8051Oct 20, 2025risk 0.00cvss —epss 0.00
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
- CVE-2025-8053Oct 20, 2025risk 0.00cvss —epss 0.00
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue…
- CVE-2024-9841Nov 8, 2024risk 0.00cvss —epss 0.00
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
- CVE-2024-4692Oct 16, 2024risk 0.00cvss —epss 0.00
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in…
- CVE-2024-4690Oct 16, 2024risk 0.00cvss —epss 0.00
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
- CVE-2024-4211Oct 16, 2024risk 0.00cvss —epss 0.00
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText…
- CVE-2024-4189Oct 16, 2024risk 0.00cvss —epss 0.00
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
- CVE-2024-4184Oct 16, 2024risk 0.00cvss —epss 0.00
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
- CVE-2024-6360Oct 2, 2024risk 0.00cvss —epss 0.00
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0…
- CVE-2021-22518Sep 12, 2024risk 0.00cvss —epss 0.00
A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0
- CVE-2022-26322Sep 12, 2024risk 0.00cvss —epss 0.00
Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impact version before 1.1.2.0200.
- CVE-2021-22509Aug 28, 2024risk 0.00cvss —epss 0.00
A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1
- CVE-2021-22529Aug 28, 2024risk 0.00cvss —epss 0.00
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
- CVE-2021-22530Aug 28, 2024risk 0.00cvss —epss 0.00
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ…
- CVE-2021-38120Aug 28, 2024risk 0.00cvss —epss 0.01
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
- CVE-2021-38121Aug 28, 2024risk 0.00cvss —epss 0.00
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1
- CVE-2021-38122Aug 28, 2024risk 0.00cvss —epss 0.00
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1
- CVE-2023-7260Aug 22, 2024risk 0.00cvss —epss 0.01
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system.
- CVE-2023-7249Aug 12, 2024risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1.
- CVE-2024-6357Aug 6, 2024risk 0.00cvss —epss 0.00
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
- CVE-2024-6359Aug 6, 2024risk 0.00cvss —epss 0.00
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.
- CVE-2024-6358Aug 6, 2024risk 0.00cvss —epss 0.00
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
- CVE-2024-6361Aug 5, 2024risk 0.00cvss —epss 0.00
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
- CVE-2023-7248Mar 15, 2024risk 0.00cvss —epss 0.00
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the…
- CVE-2023-38536Mar 13, 2024risk 0.00cvss —epss 0.00
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.
- CVE-2023-38535Mar 13, 2024risk 0.00cvss —epss 0.00
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
- CVE-2023-38534Mar 13, 2024risk 0.00cvss —epss 0.01
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC.
- CVE-2023-6123Feb 15, 2024risk 0.00cvss —epss 0.01
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
Page 2 of 4