{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1658", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2026-01-29T20:02:02.908Z", "datePublished": "2026-02-19T22:40:33.406Z", "dateUpdated": "2026-03-02T15:56:48.806Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Directory Services", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "25.2", "status": "affected", "version": "20.4.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrej \u0160imko of Accenture"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.</span>\n\n<p>This issue affects Directory Services: from 20.4.1 through 25.2.</p>"}], "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."}], "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141 Cache Poisoning"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-19T22:40:33.406Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0858517\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0858517</a><br>"}], "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517"}], "source": {"discovery": "UNKNOWN"}, "title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T15:56:36.298446Z", "id": "CVE-2026-1658", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:56:48.806Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1658", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T15:56:36.298446Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T15:56:43.375Z"}}], "cna": {"title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Andrej \u0160imko of Accenture"}], "impacts": [{"capecId": "CAPEC-141", "descriptions": [{"lang": "en", "value": "CAPEC-141 Cache Poisoning"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Directory Services", "versions": [{"status": "affected", "version": "20.4.1", "versionType": "custom", "lessThanOrEqual": "25.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0858517\">https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0858517</a><br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2.", "supportingMedia": [{"type": "text/html", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.</span>\n\n<p>This issue affects Directory Services: from 20.4.1 through 25.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2026-02-19T22:40:33.406Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1658", "state": "PUBLISHED", "dateUpdated": "2026-03-02T15:56:48.806Z", "dateReserved": "2026-01-29T20:02:02.908Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2026-02-19T22:40:33.406Z", "assignerShortName": "OpenText"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "856B5AD3-A928-47FD-BD85-EA02CCE18D9F", "versionEndIncluding": "25.2", "versionStartIncluding": "20.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."}, {"lang": "es", "value": "La vulnerabilidad de Representaci\u00f3n Err\u00f3nea de Informaci\u00f3n Cr\u00edtica en la Interfaz de Usuario (IU) en OpenText\u2122 Directory Services permite el Envenenamiento de Cach\u00e9.\n\nLa vulnerabilidad podr\u00eda ser explotada por un actor malicioso para inyectar texto manipulado en la aplicaci\u00f3n OpenText, lo que podr\u00eda enga\u00f1ar a los usuarios.\n\nEste problema afecta a Directory Services: desde la 20.4.1 hasta la 25.2."}], "id": "CVE-2026-1658", "lastModified": "2026-02-26T02:48:01.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2026-02-19T23:16:15.960", "references": [{"source": "security@opentext.com", "tags": ["Vendor Advisory"], "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "security@opentext.com", "type": "Primary"}]}

{}