Vulnerabilities > Opentext
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-14525 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 5.8 |
| 2017-09-28 | CVE-2017-14524 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 5.8 |
| 2017-05-10 | CVE-2017-8892 | Cross-site Scripting vulnerability in Opentext Tempo BOX 10.0.3 Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | 4.3 |
| 2017-04-25 | CVE-2017-7221 | SQL Injection vulnerability in Opentext Documentum Content Server OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. | 6.5 |
| 2017-04-21 | CVE-2017-7220 | Improper Input Validation vulnerability in Opentext Documentum Content Server OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. | 9.0 |
| 2017-02-22 | CVE-2017-5586 | Improper Input Validation vulnerability in Opentext Documentum D2 OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | 7.5 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 6.5 |
| 2015-08-20 | CVE-2015-6530 | Cross-site Scripting vulnerability in Opentext Secure MFT 2013 and Secure MFT 2014 Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. | 4.3 |
| 2014-05-19 | CVE-2013-6994 | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | 6.4 |
| 2014-05-19 | CVE-2013-6807 | Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0 The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | 6.8 |