Page 7 of 145 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría conducir a la ejecución remota de código al analizar el payload XML que no es de confianza. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request La escalada de privilegios en OpenText Dimensions RM permite a un usuario autenticado escalar su privilegio al privilegio de otro usuario a través de una solicitud HTTP. • https://portal.microfocus.com/s/article/KM000029985 • CWE-287: Improper Authentication •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices Lectura arbitraria de archivos en OpenText Dimensions RM permite a los usuarios autenticados leer archivos almacenados en el servidor a través de servicios web • https://portal.microfocus.com/s/article/KM000029988 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •