Vulnerabilities > Opentext

DATE CVE VULNERABILITY TITLE RISK
2017-02-22 CVE-2017-5586 Improper Input Validation vulnerability in Opentext Documentum D2
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
network
low complexity
opentext CWE-20
7.5
2017-02-22 CVE-2017-5585 Injection vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.
network
low complexity
opentext CWE-74
6.5
2015-08-20 CVE-2015-6530 Cross-site Scripting vulnerability in Opentext Secure MFT 2013 and Secure MFT 2014
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
network
opentext CWE-79
4.3
2014-05-19 CVE-2013-6994 Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
network
low complexity
opentext CWE-310
6.4
2014-05-19 CVE-2013-6807 Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
network
opentext CWE-310
6.8
2014-05-19 CVE-2013-6806 Improper Authentication vulnerability in Opentext Exceed Ondemand 8.0
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
network
opentext CWE-287
6.8
2014-05-19 CVE-2013-6805 Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.
network
low complexity
opentext CWE-310
5.0
2013-10-28 CVE-2013-3243 Remote Code Injection vulnerability in ECM Suite
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors.
network
opentext sap
6.8
2012-11-26 CVE-2010-5283 Cross-Site Request Forgery (CSRF) vulnerability in Opentext Livelink ECM 9.7.1
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.
network
opentext CWE-352
6.8
2012-11-26 CVE-2010-5282 Cross-Site Scripting vulnerability in Opentext Livelink ECM 9.7.1
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.
network
opentext CWE-79
4.3