CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7249
https://notcve.org/view.php?id=CVE-2023-7249
12 Aug 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText OpenText Directory Services allows Path Traversal.This issue affects OpenText Directory Services: from 16.4.2 before 24.1. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0807814 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6357 – Insecure Direct Object Reference vulnerability
https://notcve.org/view.php?id=CVE-2024-6357
06 Aug 2024 — Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. • https://portal.microfocus.com/s/article/KM000032593 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6359 – Privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-6359
06 Aug 2024 — Privilege escalation vulnerability identified in OpenText ArcSight Intelligence. • https://portal.microfocus.com/s/article/KM000032594 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6358 – Incorrect Authorization vulnerability
https://notcve.org/view.php?id=CVE-2024-6358
06 Aug 2024 — Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence. • https://portal.microfocus.com/s/article/KM000032595 • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6361 – Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.
https://notcve.org/view.php?id=CVE-2024-6361
05 Aug 2024 — Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4187 – Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.
https://notcve.org/view.php?id=CVE-2024-4187
31 Jul 2024 — Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. • https://portal.microfocus.com/s/article/KM000032291 • CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4188 – Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.
https://notcve.org/view.php?id=CVE-2024-4188
30 Jul 2024 — Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0815868 • CWE-523: Unprotected Transport of Credentials •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7050
https://notcve.org/view.php?id=CVE-2024-7050
26 Jul 2024 — Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4429 – Cross Site Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-4429
28 May 2024 — Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. Se ha descubierto una vulnerabilidad de Cross-Site Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3969 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3969
28 May 2024 — XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría conducir a la ejecución remota de código al analizar el payload XML que no es de confianza. XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payl... • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •