Microfocus: Security Vulnerabilities
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
CVSS Score
7.6
EPSS Score
0.001
Published
2024-11-06
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.
The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system.
This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
CVSS Score
4.8
EPSS Score
0.002
Published
2024-10-28
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-10-16
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-10-16
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers.
This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-10-16
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-10-16
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names.
This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVSS Score
2.4
EPSS Score
0.001
Published
2024-10-16
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.
This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-10-02
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-09-12
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVSS Score
7.4
EPSS Score
0.002
Published
2024-09-12