Filtered by vendor Opentext
Subscribe
Total
121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6807 | 1 Opentext | 1 Exceed Ondemand | 2026-05-06 | 6.8 MEDIUM | N/A |
| The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | |||||
| CVE-2013-6805 | 1 Opentext | 1 Exceed Ondemand | 2026-05-06 | 5.0 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | |||||
| CVE-2013-6994 | 1 Opentext | 1 Exceed Ondemand | 2026-05-06 | 6.4 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | |||||
| CVE-2015-6530 | 1 Opentext | 2 Secure Mft 2013, Secure Mft 2014 | 2026-05-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp. | |||||
| CVE-2016-2002 | 1 Opentext | 1 Vertica | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. | |||||
| CVE-2015-6867 | 1 Opentext | 1 Vertica | 2026-05-06 | 7.5 HIGH | N/A |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | |||||
| CVE-2013-3243 | 2 Opentext, Sap | 2 Opentext\/ixos Ecm For Sap Netweaver, Netweaver | 2026-04-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors. | |||||
| CVE-2010-5283 | 1 Opentext | 1 Livelink Ecm | 2026-04-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. | |||||
| CVE-2010-5282 | 1 Opentext | 1 Livelink Ecm | 2026-04-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. | |||||
| CVE-2008-0769 | 1 Opentext | 1 Livelink Ecm | 2026-04-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. | |||||
| CVE-2025-12453 | 1 Opentext | 1 Vertica | 2026-04-17 | N/A | 6.1 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X. | |||||
| CVE-2025-12454 | 1 Opentext | 1 Vertica | 2026-04-17 | N/A | 6.1 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X. | |||||
| CVE-2025-12455 | 1 Opentext | 1 Vertica | 2026-04-17 | N/A | 7.5 HIGH |
| Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X. | |||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2026-04-16 | 7.8 HIGH | N/A |
| The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | |||||
| CVE-2004-0037 | 1 Opentext | 1 Opentext Firstclass Desktop Client | 2026-04-16 | 7.5 HIGH | N/A |
| FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. | |||||
| CVE-2001-0631 | 1 Opentext | 1 Firstclass | 2026-04-06 | 5.0 MEDIUM | N/A |
| Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. | |||||
| CVE-2007-2976 | 1 Opentext | 2 Firstclass, Server And Internet Services | 2026-03-23 | 4.3 MEDIUM | N/A |
| Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2026-3278 | 1 Opentext | 1 Zenworks Service Desk | 2026-03-19 | N/A | 6.1 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3. | |||||
| CVE-2026-3266 | 1 Opentext | 1 Filr | 2026-03-05 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2. | |||||
| CVE-2025-13671 | 1 Opentext | 1 Web Site Management Server | 2026-02-27 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | |||||