Vulnerabilities > Opentext > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2021-22518 | Information Exposure Through Log Files vulnerability in Opentext Identity Manager Azuread Driver A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. | 5.5 |
| 2024-08-05 | CVE-2024-6361 | Cross-site Scripting vulnerability in Opentext ALM Octane Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. | 5.4 |
| 2024-07-31 | CVE-2024-4187 | Cross-site Scripting vulnerability in Opentext Filr 24.1.1/24.2 Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. | 5.4 |
| 2024-01-29 | CVE-2023-4553 | Unspecified vulnerability in Opentext Appbuilder 21.2 Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. AppBuilder configuration files are viewable by unauthenticated users. This issue affects AppBuilder: from 21.2 before 23.2. | 5.3 |
| 2024-01-29 | CVE-2023-4554 | XXE vulnerability in Opentext Appbuilder 21.2 Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them. This issue affects AppBuilder: from 21.2 before 23.2. | 6.5 |
| 2021-06-15 | CVE-2021-31480 | Type Confusion vulnerability in Opentext Brava! 16.6.3.84 This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. | 6.8 |
| 2019-05-21 | CVE-2019-12270 | Incorrect Permission Assignment for Critical Resource vulnerability in Opentext Brava! 16.3/16.4/7.5 OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. | 6.8 |
| 2019-03-22 | CVE-2018-20165 | Cross-site Scripting vulnerability in Opentext Portal 7.4.4 Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. | 4.3 |
| 2019-03-21 | CVE-2019-7416 | Cross-site Scripting vulnerability in Opentext Documentum Webtop 5.3 XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. | 4.3 |
| 2018-01-04 | CVE-2017-14960 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | 5.0 |