Vulnerabilities > Opentext

DATE CVE VULNERABILITY TITLE RISK
2017-09-28 CVE-2017-14524 Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
network
opentext CWE-601
5.8
2017-05-10 CVE-2017-8892 Cross-site Scripting vulnerability in Opentext Tempo BOX 10.0.3
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
network
opentext CWE-79
4.3
2017-04-25 CVE-2017-7221 SQL Injection vulnerability in Opentext Documentum Content Server
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string.
network
low complexity
opentext CWE-89
6.5
2017-04-21 CVE-2017-7220 Improper Input Validation vulnerability in Opentext Documentum Content Server
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack.
network
low complexity
opentext CWE-20
critical
9.0
2017-02-22 CVE-2017-5586 Improper Input Validation vulnerability in Opentext Documentum D2
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
network
low complexity
opentext CWE-20
7.5
2017-02-22 CVE-2017-5585 Injection vulnerability in Opentext Documentum Content Server 7.3
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.
network
low complexity
opentext CWE-74
6.5
2015-08-20 CVE-2015-6530 Cross-site Scripting vulnerability in Opentext Secure MFT 2013 and Secure MFT 2014
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
network
opentext CWE-79
4.3
2014-05-19 CVE-2013-6994 Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
network
low complexity
opentext CWE-310
6.4
2014-05-19 CVE-2013-6807 Cryptographic Issues vulnerability in Opentext Exceed Ondemand 8.0
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
network
opentext CWE-310
6.8
2014-05-19 CVE-2013-6806 Improper Authentication vulnerability in Opentext Exceed Ondemand 8.0
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
network
opentext CWE-287
6.8