Opentext: Security Vulnerabilities
Use of Hard-coded Cryptographic Key vulnerability in OpenText™ Exceed Turbo X affecting versions 12.5.1 and 12.5.2. The vulnerability could compromise the cryptographic keys.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-03-13
HTML injection in OpenText™ Exceed Turbo X affecting version 12.5.1. The vulnerability could result in Cross site scripting.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-03-13
Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
CVSS Score
8.6
EPSS Score
0.002
Published
2024-03-13
Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.
CVSS Score
7.5
EPSS Score
0.005
Published
2024-02-15
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system.
This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-29
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
AppBuilder configuration files are viewable by unauthenticated users.
This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-01-29
Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files.
AppBuilder's XML processor is vulnerable to XML External Entity Processing (XXE), allowing an authenticated user to upload specially crafted XML files to induce server-side request forgery, disclose files local to the server that processes them.
This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
4.9
EPSS Score
0.0
Published
2024-01-29
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-01-29
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows OS Command Injection.
The AppBuilder's Scheduler functionality that facilitates creation of scheduled tasks is vulnerable to command injection. This allows authenticated users to inject arbitrary operating system commands into the executing process.
This issue affects AppBuilder: from 21.2 before 23.2.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-01-29
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.
CVSS Score
7.1
EPSS Score
0.0
Published
2023-05-24