OpenText

All CVEs

158 total · sorted by risk
  • CVE-2017-15014 · Med · Oct 13, 2017
    risk 0.31 · cvss 4.3 · epss 0.05

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads…

  • CVE-2025-2236 · Low · May 27, 2025
    risk 0.14 · cvss · epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue…

  • CVE-2024-12706 · Low · Apr 28, 2025
    risk 0.14 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects…

  • CVE-2020-11854 · Oct 27, 2020
    risk 0.10 · cvss · epss 0.74

    Arbitrary code execution vulnerability in Operation Bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance…

  • CVE-2020-11853 · Oct 22, 2020
    risk 0.10 · cvss · epss 0.77

    Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions:…

  • CVE-2004-2496 · Dec 31, 2004
    risk 0.04 · cvss · epss 0.09

    The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.

  • CVE-2020-11858 · Oct 27, 2020
    risk 0.03 · cvss · epss 0.03

    Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulnerability affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60,…

  • CVE-2003-1173 · Dec 31, 2003
    risk 0.03 · cvss · epss 0.03

    Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.

  • CVE-2011-1741 · Jul 19, 2011
    risk 0.01 · cvss · epss 0.08

    Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.

  • CVE-2026-11877 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.

  • CVE-2024-11604 · Mar 27, 2026
    risk 0.00 · cvss · epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver:…

  • CVE-2026-3278 · Mar 18, 2026
    risk 0.00 · cvss · epss 0.00

    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions…

  • CVE-2026-1658 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. …

  • CVE-2025-9208 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is…

  • CVE-2025-13671 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform…

  • CVE-2025-13672 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered…

  • CVE-2025-8054 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.  The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax:…

  • CVE-2025-8055 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.

  • CVE-2025-8050 · Oct 21, 2025
    risk 0.00 · cvss · epss 0.00

    External Control of File Name or Path vulnerability in OpenText Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.

  • CVE-2025-8052 · Oct 20, 2025
    risk 0.00 · cvss · epss 0.00

    SQL Injection vulnerability in OpenText Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2.

  • CVE-2025-8048 · Oct 20, 2025
    risk 0.00 · cvss · epss 0.00

    External Control of File Name or Path vulnerability in OpenText Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue…

  • CVE-2025-8049 · Oct 20, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient Granularity of Access Control vulnerability in OpenText Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper:…

  • CVE-2025-8051 · Oct 20, 2025
    risk 0.00 · cvss · epss 0.00

    Path Traversal vulnerability in OpenText Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.

  • CVE-2025-8053 · Oct 20, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient Granularity of Access Control vulnerability in OpenText Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue…

  • CVE-2024-9841 · Nov 8, 2024
    risk 0.00 · cvss · epss 0.00

    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.

  • CVE-2024-4692 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in…

  • CVE-2024-4690 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

  • CVE-2024-4211 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText…

  • CVE-2024-4189 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

  • CVE-2024-4184 · Oct 16, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

  • CVE-2024-6360 · Oct 2, 2024
    risk 0.00 · cvss · epss 0.00

    Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0…

  • CVE-2021-22518 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into a log file. This impacts all versions before 5.1.4.0.

  • CVE-2022-26322 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.00

    Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager has been discovered in OpenText™ Identity Manager REST Driver. This impacts versions before 1.1.2.0200.

  • CVE-2021-22509 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1.

  • CVE-2021-22529 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1

  • CVE-2021-22530 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ…

  • CVE-2021-38120 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

  • CVE-2021-38121 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.  This issue affects NetIQ Advance Authentication versions before 6.3.5.1

  • CVE-2021-38122 · Aug 28, 2024
    risk 0.00 · cvss · epss 0.00

    A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1.

  • CVE-2023-7260 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.01

    Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all versions through 22.4. The vulnerability could allow arbitrary access to files on the system.

  • CVE-2023-7249 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText Directory Services allows Path Traversal. This issue affects OpenText Directory Services: from 16.4.2 before 24.1.

  • CVE-2024-6357 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.

  • CVE-2024-6359 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.

  • CVE-2024-6358 · Aug 6, 2024
    risk 0.00 · cvss · epss 0.00

    Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.

  • CVE-2024-6361 · Aug 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all versions prior to version 23.4. The vulnerability could cause a remote code execution attack.

  • CVE-2023-7248 · Mar 15, 2024
    risk 0.00 · cvss · epss 0.00

    Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.  The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the…

  • CVE-2023-38536 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.  

  • CVE-2023-38535 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.00

    Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.  

  • CVE-2023-38534 · Mar 13, 2024
    risk 0.00 · cvss · epss 0.01

    Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC. 

  • CVE-2023-6123 · Feb 15, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.