Vulnerabilities > Opentext
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-28 | CVE-2017-14525 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 6.1 |
| 2017-09-28 | CVE-2017-14524 | Open Redirect vulnerability in Opentext Documentum Administrator and Documentum Webtop Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | 6.1 |
| 2017-05-10 | CVE-2017-8892 | Cross-site Scripting vulnerability in Opentext Tempo BOX 10.0.3 Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image. | 6.1 |
| 2017-04-25 | CVE-2017-7221 | SQL Injection vulnerability in Opentext Documentum Content Server OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. | 8.8 |
| 2017-04-21 | CVE-2017-7220 | Improper Input Validation vulnerability in Opentext Documentum Content Server OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. | 8.8 |
| 2017-02-22 | CVE-2017-5586 | Improper Input Validation vulnerability in Opentext Documentum D2 OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. | 9.8 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 8.8 |