Filtered by vendor Opentext
Subscribe
Total
119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6530 | 1 Opentext | 2 Secure Mft 2013, Secure Mft 2014 | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
|
|||||
| CVE-2010-5283 | 1 Opentext | 1 Livelink Ecm | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.
|
|||||
| CVE-2010-5282 | 1 Opentext | 1 Livelink Ecm | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.
|
|||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
|
|||||
| CVE-2008-0769 | 1 Opentext | 1 Livelink Ecm | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
|
|||||
| CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
|
|||||
| CVE-2022-45925 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 7.5 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure.
|
|||||
| CVE-2022-45924 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.1 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
|
|||||
| CVE-2022-45923 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.
|
|||||
| CVE-2022-45922 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.
|
|||||
| CVE-2022-45928 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network con ...
Show More |
|||||
| CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2025-04-04 | N/A | 8.8 HIGH |
|
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.
|
|||||
| CVE-2004-0037 | 1 Opentext | 1 Opentext Firstclass Desktop Client | 2025-04-03 | 7.5 HIGH | N/A |
|
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
|
|||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2025-04-03 | 7.8 HIGH | N/A |
|
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
|
|||||
| CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | N/A | 7.5 HIGH |
|
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
|
|||||
| CVE-2023-38536 | 1 Opentext | 1 Exceed Turbox | 2025-03-10 | N/A | 6.4 MEDIUM |
|
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.
|
|||||
| CVE-2023-38535 | 1 Opentext | 1 Exceed Turbox | 2025-03-10 | N/A | 4.7 MEDIUM |
|
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
|
|||||
| CVE-2023-38534 | 1 Opentext | 1 Exceed Turbox | 2025-03-10 | N/A | 8.6 HIGH |
|
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC.
|
|||||
| CVE-2020-11862 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Netiq Privileged Account Manager | 2025-03-10 | N/A | 8.6 HIGH |
|
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
|
|||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2025-01-30 | N/A | 9.8 CRITICAL |
|
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.
|
|||||
| CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2025-01-22 | N/A | 7.8 HIGH |
|
OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.
|
|||||
| CVE-2022-41221 | 1 Opentext | 1 Archive Center Administration | 2025-01-17 | N/A | 7.1 HIGH |
|
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance a ...
Show More |
|||||
| CVE-2023-7248 | 1 Opentext | 1 Vertica | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.
The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences.
This issue impacts the following Vertica Management Console versions:
10.x
11.1.1-24 or lower
12.0.4-18 or lower
Please upgrade to one of the following Vertica Management Console versions:
10.x to upgrade to latest versions from below.
11.1.1-25
12.0.4-1 ...
Show More |
|||||
| CVE-2023-4554 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | N/A | 4.9 MEDIUM |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.
AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.
This issue affects AppBuilder: from 21.2 before 23.2.
|
|||||
| CVE-2023-4553 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
AppBuilder configuration files are viewable by unauthenticated users.
This issue affects AppBuilder: from 21.2 before 23.2.
|
|||||
| CVE-2023-4552 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.
This issue affects AppBuilder: from 21.2 before 23.2.
|
|||||
| CVE-2023-4551 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | N/A | 7.2 HIGH |
|
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.
The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.
This issue affects AppBuilder: from 21.2 before 23.2.
|
|||||
| CVE-2023-4550 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
This issue affects AppBuilder: from 21.2 before 23.2.
|
|||||
| CVE-2021-3010 | 1 Opentext | 1 Content Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
|
|||||
| CVE-2021-31514 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this ...
Show More |
|||||
| CVE-2021-31513 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this ...
Show More |
|||||
| CVE-2021-31512 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this v ...
Show More |
|||||
| CVE-2021-31511 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this ...
Show More |
|||||
| CVE-2021-31510 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this v ...
Show More |
|||||
| CVE-2021-31509 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulner ...
Show More |
|||||
| CVE-2021-31508 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulner ...
Show More |
|||||
| CVE-2021-31507 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability ...
Show More |
|||||
| CVE-2021-31506 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can ...
Show More |
|||||
| CVE-2021-31504 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vu ...
Show More |
|||||
| CVE-2021-31503 | 1 Opentext | 1 Brava\! Desktop | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute co ...
Show More |
|||||