Filtered by vendor Opentext
Subscriptions
Total
148 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8053 | 1 Opentext | 1 Flipper | 2025-10-28 | 9.1 Critical |
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2. | ||||
| CVE-2024-12111 | 1 Opentext | 1 Privileged Access Manager | 2025-10-09 | 8 High |
| In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) | ||||
| CVE-2025-8716 | 1 Opentext | 1 Content Management | 2025-09-12 | N/A |
| In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known. | ||||
| CVE-2025-5808 | 1 Opentext | 1 Self Service Password Reset | 2025-08-31 | N/A |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3. | ||||
| CVE-2025-3478 | 1 Opentext | 1 Enterprise Security Manager | 2025-08-26 | N/A |
| A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | ||||
| CVE-2025-8997 | 1 Opentext | 1 Enterprise Security Manager | 2025-08-25 | N/A |
| An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. | ||||
| CVE-2025-8616 | 1 Opentext | 1 Advanced Authentication | 2025-08-12 | N/A |
| A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0. | ||||
| CVE-2020-11862 | 1 Opentext | 1 Netiq Privileged Account Manager | 2025-07-13 | 8.6 High |
| Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2. | ||||
| CVE-2023-32264 | 1 Opentext | 1 Documentum D2 | 2025-07-13 | 5.8 Medium |
| CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer. | ||||
| CVE-2024-12862 | 1 Opentext | 1 Content Server | 2025-07-12 | N/A |
| Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. | ||||
| CVE-2021-38118 | 1 Opentext | 1 Imanager | 2025-07-12 | 5.5 Medium |
| Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | ||||
| CVE-2024-7650 | 1 Opentext | 1 Directory Services | 2025-07-12 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. | ||||
| CVE-2023-4552 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2025-06-17 | 5.5 Medium |
| Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2023-4554 | 3 Linux, Microsoft, Opentext | 3 Linux Kernel, Windows, Appbuilder | 2025-05-29 | 4.9 Medium |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | ||||
| CVE-2017-14527 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2025-04-20 | N/A |
| Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | ||||
| CVE-2017-8892 | 1 Opentext | 1 Tempo Box | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | ||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | ||||
| CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | ||||
| CVE-2017-14756 | 1 Opentext | 1 Document Sciences Xpression | 2025-04-20 | N/A |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | ||||
| CVE-2017-5586 | 1 Opentext | 1 Documentum D2 | 2025-04-20 | N/A |
| OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | ||||