CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3478 – OpenText Enterprise Security Manager Stored XSS
https://notcve.org/view.php?id=CVE-2025-3478
25 Aug 2025 — A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. • https://portal.microfocus.com/s/article/KM000042483 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-8997 – OpenText Enterprise Security Manager Information Exposure
https://notcve.org/view.php?id=CVE-2025-8997
25 Aug 2025 — An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. • https://portal.microfocus.com/s/article/KM000042482 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7650 – Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
https://notcve.org/view.php?id=CVE-2024-7650
10 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0844620 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-0885 – Incorrect Authorization vulnerability affects OpenText™ GroupWise
https://notcve.org/view.php?id=CVE-2025-0885
03 Jul 2025 — Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 24.4. • https://portal.microfocus.com/s/article/KM000041560?language=en_US • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2236 – Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.
https://notcve.org/view.php?id=CVE-2025-2236
27 May 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could ... • https://portal.microfocus.com/s/article/KM000039947 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3272 – Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager.
https://notcve.org/view.php?id=CVE-2025-3272
07 May 2025 — Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4. • https://portal.microfocus.com/s/article/KM000040405 • CWE-863: Incorrect Authorization •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-3476
https://notcve.org/view.php?id=CVE-2025-3476
07 May 2025 — Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. • https://portal.microfocus.com/s/article/KM000040406?language=en_US • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12706 – SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
https://notcve.org/view.php?id=CVE-2024-12706
28 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2517 – Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
https://notcve.org/view.php?id=CVE-2025-2517
21 Apr 2025 — Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Referencia a la vulnerabilidad de dominio expirado en OpenText™ ArcSight Enterprise Security Manager. • https://portal.microfocus.com/s/article/KM000040103 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12862 – REST API allows users without permissions to remove external collaborators
https://notcve.org/view.php?id=CVE-2024-12862
21 Apr 2025 — Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. La vulnerabilidad de autorización incorrecta en la API REST de OpenText Content Server en Windows y Linux permite a los usuarios sin los permisos adecuados eliminar colaboradores externos. Este problema afecta a Content Server: 20.2-24.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115 • CWE-863: Incorrect Authorization •