VYPR

Vendor CVEs

Opentext

All CVEs

158 total · sorted by risk
  • CVE-2023-4554 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user…

  • CVE-2023-4553 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2.

  • CVE-2023-4552 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its…

  • CVE-2023-4551 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject…

  • CVE-2023-4550 · Jan 29, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on…

  • CVE-2023-47261 · Dec 14, 2023
    risk 0.00 · cvss · epss 0.02

    Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.

  • CVE-2023-5913 · Nov 8, 2023
    risk 0.00 · cvss · epss 0.01

    Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

  • CVE-2023-4964 · Oct 30, 2023
    risk 0.00 · cvss · epss 0.00

    Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability…

  • CVE-2023-4501 · Sep 12, 2023
    risk 0.00 · cvss · epss 0.01

    User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0…

  • CVE-2023-34377 · Aug 5, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.

  • CVE-2022-41221 · May 24, 2023
    risk 0.00 · cvss · epss 0.00

    The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently…

  • CVE-2023-31871 · May 18, 2023
    risk 0.00 · cvss · epss 0.00

    OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing…

  • CVE-2022-35898 · May 1, 2023
    risk 0.00 · cvss · epss 0.01

    OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.

  • CVE-2023-24468 · Mar 15, 2023
    risk 0.00 · cvss · epss 0.01

    Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2

  • CVE-2022-45928 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.02

    A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates…

  • CVE-2022-45925 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.17

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like…

  • CVE-2022-45923 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value…

  • CVE-2022-45922 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie,…

  • CVE-2022-45927 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

  • CVE-2022-45924 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.

  • CVE-2022-45926 · Jan 18, 2023
    risk 0.00 · cvss · epss 0.17

    An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.

  • CVE-2022-38754 · Dec 8, 2022
    risk 0.00 · cvss · epss 0.01

    A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The…

  • CVE-2021-22535 · Sep 28, 2021
    risk 0.00 · cvss · epss 0.01

    Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

  • CVE-2021-41391 · Sep 17, 2021
    risk 0.00 · cvss · epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

  • CVE-2021-41390 · Sep 17, 2021
    risk 0.00 · cvss · epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

  • CVE-2021-22515 · Jul 12, 2021
    risk 0.00 · cvss · epss 0.01

    Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

  • CVE-2021-22497 · Apr 12, 2021
    risk 0.00 · cvss · epss 0.01

    Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.

  • CVE-2021-22507 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.02

    Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access.

  • CVE-2021-3010 · Feb 26, 2021
    risk 0.00 · cvss · epss 0.01

    There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.

  • CVE-2019-18942 · Feb 26, 2021
    risk 0.00 · cvss · epss 0.00

    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.

  • CVE-2021-22504 · Feb 12, 2021
    risk 0.00 · cvss · epss 0.03

    Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.

  • CVE-2020-13116 · Jan 12, 2021
    risk 0.00 · cvss · epss 0.01

    OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an authenticated user via policy creation.

  • CVE-2020-28861 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.02

    OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.

  • CVE-2020-28860 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.02

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.

  • CVE-2020-28859 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.01

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.

  • CVE-2020-28858 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.01

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

  • CVE-2020-28857 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.02

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.

  • CVE-2020-28856 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.02

    OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP…

  • CVE-2020-11844 · May 29, 2020
    risk 0.00 · cvss · epss 0.02

    Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0,…

  • CVE-2019-12270 · May 21, 2019
    risk 0.00 · cvss · epss 0.02

    OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS…

  • CVE-2018-19643 · Mar 27, 2019
    risk 0.00 · cvss · epss 0.01

    Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2018-19644 · Mar 27, 2019
    risk 0.00 · cvss · epss 0.01

    Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2018-19642 · Mar 27, 2019
    risk 0.00 · cvss · epss 0.01

    Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2019-7416 · Mar 17, 2019
    risk 0.00 · cvss · epss 0.02

    XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.

  • CVE-2015-6867 · Nov 4, 2015
    risk 0.00 · cvss · epss 0.05

    The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.

  • CVE-2015-6530 · Aug 20, 2015
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.

  • CVE-2013-6994 · May 19, 2014
    risk 0.00 · cvss · epss 0.01

    OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.

  • CVE-2013-6807 · May 19, 2014
    risk 0.00 · cvss · epss 0.01

    The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.

  • CVE-2013-6806 · May 19, 2014
    risk 0.00 · cvss · epss 0.01

    OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.

  • CVE-2013-6805 · May 19, 2014
    risk 0.00 · cvss · epss 0.01

    OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.