CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6361 – Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product.
https://notcve.org/view.php?id=CVE-2024-6361
Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code execution attack. • https://portal.microfocus.com/s/article/KM000032605?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4187 – Stored XSS vulnerability has been discovered in OpenText™ Filr. The vulnerability could cause users to not be warned when clicking links to external sites.
https://notcve.org/view.php?id=CVE-2024-4187
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1 and 24.2. The vulnerability could cause users to not be warned when clicking links to external sites. • https://portal.microfocus.com/s/article/KM000032291 • CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4188 – Security vulnerability exists in Documentum server cloud releases that could allow access to sensitive information which can impact system Operation.
https://notcve.org/view.php?id=CVE-2024-4188
Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0815868 • CWE-523: Unprotected Transport of Credentials •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7050
https://notcve.org/view.php?id=CVE-2024-7050
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2. • https://support.opentext.com/csm?id=kb_article_view&sysparm_article=KB0821213 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4429 – Cross Site Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-4429
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. Se ha descubierto una vulnerabilidad de Cross-Site Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-352: Cross-Site Request Forgery (CSRF) •