Vulnerabilities > Opentext

DATE CVE VULNERABILITY TITLE RISK
2021-06-15 CVE-2021-31502 Unspecified vulnerability in Opentext Brava! Desktop 16.6.4.55
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55.
local
low complexity
opentext
7.8
2021-02-26 CVE-2021-3010 Cross-site Scripting vulnerability in Opentext Content Server 20.3
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3.
network
low complexity
opentext CWE-79
5.4
2019-05-21 CVE-2019-12270 Incorrect Permission Assignment for Critical Resource vulnerability in Opentext Brava! 16.3/16.4/7.5
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows.
network
high complexity
opentext CWE-732
7.4
2019-03-22 CVE-2018-20165 Cross-site Scripting vulnerability in Opentext Portal 7.4.4
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
network
low complexity
opentext CWE-79
6.1
2019-03-21 CVE-2019-7416 Open Redirect vulnerability in Opentext Documentum Webtop 5.3
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2.
network
low complexity
opentext CWE-601
6.1
2018-04-11 CVE-2018-7660 Cross-site Scripting vulnerability in Opentext Documentum D2 4.6.0030
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter.
network
low complexity
opentext CWE-79
5.4
2018-04-11 CVE-2018-7659 Cross-site Scripting vulnerability in Opentext Documentum D2 4.6.0030
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.
network
low complexity
opentext CWE-79
5.4
2018-01-04 CVE-2017-14960 SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.
network
low complexity
opentext CWE-89
7.5
2017-10-13 CVE-2017-15276 Path Traversal vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives).
network
low complexity
opentext CWE-22
8.8
2017-10-13 CVE-2017-15014 Improper Privilege Management vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call.
network
low complexity
opentext CWE-269
4.3