CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31494 – OpenText Brava! Desktop DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31494
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.cvedetails.com/vulnerability-list/vendor_id-2032/product_id-96672/Opentext-Brava-Desktop.html?page=1&opec=1&order=1&trc=35&sha=37f4ed0596f8ccacca7d571f22a38c97b0f19f4c https://www.opentext.com/products/brava https://www.zerodayinitiative.com/advisories/ZDI-21-634 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31492 – OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-31492
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. • https://www.cvedetails.com/vulnerability-list/vendor_id-2032/product_id-96672/Opentext-Brava-Desktop.html?page=1&opec=1&order=1&trc=35&sha=37f4ed0596f8ccacca7d571f22a38c97b0f19f4c https://www.opentext.com/products/brava https://www.zerodayinitiative.com/advisories/ZDI-21-632 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31498 – OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31498
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://www.cvedetails.com/vulnerability-list/vendor_id-2032/product_id-96672/Opentext-Brava-Desktop.html?page=1&opec=1&order=1&trc=35&sha=37f4ed0596f8ccacca7d571f22a38c97b0f19f4c https://www.opentext.com/products/brava https://www.zerodayinitiative.com/advisories/ZDI-21-638 • CWE-125: Out-of-bounds Read •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3010
https://notcve.org/view.php?id=CVE-2021-3010
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. Se presenta múltiples vulnerabilidades de tipo cross-site scripting (XSS) persistentes en la interfaz web de OpenText Content Server Versión 20.3. La aplicación permite a un atacante remoto introducir JavaScript arbitrario diseñando valores de formulario maliciosos que luego no son saneados • https://www.exploit-db.com/exploits/49578 https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12270
https://notcve.org/view.php?id=CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. • https://packetstormsecurity.com/files/150125/Brava-Enterprise-Server-16.4-Information-Disclosure.html • CWE-732: Incorrect Permission Assignment for Critical Resource •