Filtered by vendor Opentext
Subscribe
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31502 | 1 Opentext | 1 Brava\! Desktop | 2023-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673. | |||||
| CVE-2022-41221 | 1 Opentext | 1 Archive Center Administration | 2023-06-01 | N/A | 7.1 HIGH |
| The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | |||||
| CVE-2023-31871 | 1 Opentext | 1 Documentum Content Server | 2023-05-26 | N/A | 7.8 HIGH |
| OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | |||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2023-05-06 | N/A | 9.8 CRITICAL |
| OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | |||||
| CVE-2022-45923 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-30 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker. | |||||
| CVE-2022-45927 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-30 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code. | |||||
| CVE-2022-45926 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-26 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports. | |||||
| CVE-2022-45925 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-26 | N/A | 7.5 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and server_name, which is an information disclosure. | |||||
| CVE-2022-45924 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-26 | N/A | 8.1 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem. | |||||
| CVE-2022-45922 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-26 | N/A | 8.8 HIGH |
| An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password. | |||||
| CVE-2022-45928 | 1 Opentext | 1 Opentext Extended Ecm | 2023-01-25 | N/A | 8.8 HIGH |
| A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript code in HTML files, it is possible for an attacker to execute Oscript code. The Oscript scripting language allows the attacker (for example) to manipulate files on the filesystem, create new network connections, or execute OS commands. | |||||
| CVE-2021-31480 | 1 Opentext | 1 Brava\! | 2021-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12654. | |||||
| CVE-2021-3010 | 1 Opentext | 1 Content Server | 2021-03-04 | 3.5 LOW | 5.4 MEDIUM |
| There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. | |||||
| CVE-2019-12270 | 2 Microsoft, Opentext | 2 Windows, Brava\! | 2020-08-24 | 6.8 MEDIUM | 7.4 HIGH |
| OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor's position is that customers are not supposed to use this default setting without consulting the documentation. | |||||
| CVE-2017-15014 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem. | |||||
| CVE-2017-7220 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. | |||||
| CVE-2017-15013 | 1 Opentext | 1 Documentum Content Server | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. | |||||
| CVE-2018-20165 | 1 Opentext | 1 Opentext Portal | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | |||||
| CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | |||||
| CVE-2015-6530 | 1 Opentext | 2 Secure Mft 2013, Secure Mft 2014 | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. | |||||