CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2024-12530 – Insecure Dynamic-Link Library (DLL) Load vulnerability
https://notcve.org/view.php?id=CVE-2024-12530
17 Apr 2025 — Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. • https://portal.microfocus.com/s/article/KM000040073? • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0883 – vulnerability has been discovered in OpenText™ Service Manager.
https://notcve.org/view.php?id=CVE-2025-0883
12 Mar 2025 — Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80. • https://portal.microfocus.com/s/article/KM000037099?language=en_US • CWE-81: Improper Neutralization of Script in an Error Message Web Page •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0884 – Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager.
https://notcve.org/view.php?id=CVE-2025-0884
12 Mar 2025 — Unquoted Search Path or Element vulnerability in OpenText™ Service Manager. The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72. • https://portal.microfocus.com/s/article/KM000036731?language=en_US • CWE-428: Unquoted Search Path or Element •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12799 – Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2024-12799
05 Mar 2025 — Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0. • https://portal.microfocus.com/s/article/KM000037455 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8125 – A remote code vulnerability has been discovered in OpenText™ Content Management.
https://notcve.org/view.php?id=CVE-2024-8125
04 Feb 2025 — Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled. Improper Validation of Specified Type of Input vulnerability in OpenText™ Co... • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058 • CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7085 – Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM).
https://notcve.org/view.php?id=CVE-2024-7085
15 Jan 2025 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1. • https://portal.microfocus.com/s/article/KM000036201?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10863 – Client-side audit exclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-10863
22 Nov 2024 — : Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side. • https://portal.microfocus.com/s/article/KM000036389? • CWE-778: Insufficient Logging •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38116 – Possible Command injection Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38116
22 Nov 2024 — Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38117 – Possible Remote Code Execution Vulnerability OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38117
22 Nov 2024 — Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38118 – Possible Local Privilege Escalation Vulnerability in OpenText iManager
https://notcve.org/view.php?id=CVE-2021-38118
22 Nov 2024 — Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. • https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html • CWE-250: Execution with Unnecessary Privileges •