https://www.opentext.com/about https://www.opentext.com/about/privacy
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack.
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites.
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4.
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2.
Exposure of Sensitive Information to an Unauthorized Access vulnerability in OpenText NetIQ Directory and Resource Administrator. This issue affects NetIQ Directory and Resource Administrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10.
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited.
This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application.
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address.
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4.
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.
Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.
A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.
Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation.This issue affects Service Management Automation X (SMAX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; Asset Management X (AMX) versions: 2021.08, 2021.11, 2022.05, 2022.11, 2023.05; and Hybrid Cloud Management X (HCMX) versions: 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11, 2023.05.
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11.
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x 11.1.1-24 or lower 12.0.4-18 or lower Please upgrade to one of the following Vertica Management Console versions: 10.x to upgrade to latest versions from below. 11.1.1-25 12.0.4-19 23.x 24.x
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
Improper authentication vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.0 and 12.5.1. The vulnerability could allow disclosure of restricted information in unauthenticated RPC.
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer.
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection.This issue only affects NetIQ Client Login Extension: 4.6.
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2.
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2.
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2.
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process. This issue affects AppBuilder: from 21.2 before 23.2.
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. This issue affects AppBuilder: from 21.2 before 23.2.
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.