Filtered by vendor Opentext
Subscribe
Total
97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-10-16 | N/A | 7.5 HIGH |
Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | |||||
CVE-2021-22518 | 1 Opentext | 1 Identity Manager Azuread Driver | 2024-10-02 | N/A | 5.5 MEDIUM |
A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | |||||
CVE-2024-6361 | 1 Opentext | 1 Alm Octane | 2024-08-28 | N/A | 5.4 MEDIUM |
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. | |||||
CVE-2024-6358 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 8.8 HIGH |
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. | |||||
CVE-2024-6359 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 9.8 CRITICAL |
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. | |||||
CVE-2024-6357 | 1 Opentext | 1 Arcsight Intelligence | 2024-08-19 | N/A | 8.8 HIGH |
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | |||||
CVE-2024-4187 | 1 Opentext | 1 Filr | 2024-08-15 | N/A | 5.4 MEDIUM |
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. | |||||
CVE-2023-7249 | 1 Opentext | 1 Directory Services | 2024-08-13 | N/A | 9.8 CRITICAL |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. | |||||
CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-07-26 | N/A | 9.8 CRITICAL |
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x | |||||
CVE-2023-4552 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-28 | N/A | 7.1 HIGH |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2023-4554 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-28 | N/A | 6.5 MEDIUM |
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2023-4550 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-28 | N/A | 7.5 HIGH |
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2023-4553 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-28 | N/A | 5.3 MEDIUM |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2023-4551 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-02-28 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2. | |||||
CVE-2022-41221 | 1 Opentext | 1 Archive Center Administration | 2024-02-28 | N/A | 7.1 HIGH |
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | |||||
CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2024-02-28 | N/A | 9.8 CRITICAL |
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | |||||
CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2024-02-28 | N/A | 7.8 HIGH |
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | |||||
CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2024-02-28 | N/A | 8.8 HIGH |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. | |||||
CVE-2022-45922 | 1 Opentext | 1 Opentext Extended Ecm | 2024-02-28 | N/A | 8.8 HIGH |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password. | |||||
CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2024-02-28 | N/A | 8.8 HIGH |
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. |