Filtered by vendor Opentext
Subscribe
Total
89 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7660 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. | |||||
| CVE-2018-7659 | 1 Opentext | 1 Documentum D2 | 2018-05-16 | 3.5 LOW | 5.4 MEDIUM |
| In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. | |||||
| CVE-2017-14960 | 1 Opentext | 1 Document Sciences Xpression | 2018-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | |||||
| CVE-2017-15276 | 1 Opentext | 1 Documentum Content Server | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2017-15012 | 1 Opentext | 1 Documentum Content Server | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. | |||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-14756 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | |||||
| CVE-2017-14755 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | |||||
| CVE-2017-14759 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service. | |||||
| CVE-2017-14754 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-11 | 6.8 MEDIUM | 6.5 MEDIUM |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-14527 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-10 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | |||||
| CVE-2017-14526 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | |||||
| CVE-2017-14525 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
| CVE-2017-14524 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2017-10-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
| CVE-2010-5283 | 1 Opentext | 1 Livelink Ecm | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | |||||
| CVE-2010-5282 | 1 Opentext | 1 Livelink Ecm | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. | |||||
| CVE-2017-7221 | 1 Opentext | 1 Documentum Content Server | 2017-08-16 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
| CVE-2008-0769 | 1 Opentext | 1 Livelink Ecm | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2017-07-11 | 7.8 HIGH | N/A |
| The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | |||||