Vulnerabilities > Opentext

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2023-7249 Path Traversal vulnerability in Opentext Directory Services
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1.
network
low complexity
opentext CWE-22
critical
9.8
2024-08-06 CVE-2024-6357 Authorization Bypass Through User-Controlled Key vulnerability in Opentext Arcsight Intelligence
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
network
low complexity
opentext CWE-639
8.8
2024-08-06 CVE-2024-6358 Incorrect Authorization vulnerability in Opentext Arcsight Intelligence
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
network
low complexity
opentext CWE-863
8.8
2024-08-06 CVE-2024-6359 Unspecified vulnerability in Opentext Arcsight Intelligence
Privilege escalation vulnerability identified in OpenText ArcSight Intelligence.
network
low complexity
opentext
critical
9.8
2024-08-05 CVE-2024-6361 Cross-site Scripting vulnerability in Opentext ALM Octane
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane.
network
low complexity
opentext CWE-79
5.4
2024-07-31 CVE-2024-4187 Cross-site Scripting vulnerability in Opentext Filr 24.1.1/24.2
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2.
network
low complexity
opentext CWE-79
5.4
2024-03-15 CVE-2023-7248 Unspecified vulnerability in Opentext Vertica
Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests.  The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences.
network
low complexity
opentext
critical
9.8
2024-01-29 CVE-2023-4550 Files or Directories Accessible to External Parties vulnerability in Opentext Appbuilder 21.2
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
network
low complexity
opentext CWE-552
7.5
2024-01-29 CVE-2023-4551 Unspecified vulnerability in Opentext Appbuilder 21.2
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection. The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection.
network
low complexity
opentext
8.8
2024-01-29 CVE-2023-4552 Unspecified vulnerability in Opentext Appbuilder 21.2
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This issue affects AppBuilder: from 21.2 before 23.2.
network
low complexity
opentext
7.1