CVE-2021-31498 – OpenText Brava! Desktop DWF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31498
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://www.cvedetails.com/vulnerability-list/vendor_id-2032/product_id-96672/Opentext-Brava-Desktop.html?page=1&opec=1&order=1&trc=35&sha=37f4ed0596f8ccacca7d571f22a38c97b0f19f4c https://www.opentext.com/products/brava https://www.zerodayinitiative.com/advisories/ZDI-21-638 • CWE-125: Out-of-bounds Read •
CVE-2019-12270
https://notcve.org/view.php?id=CVE-2019-12270
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. • https://packetstormsecurity.com/files/150125/Brava-Enterprise-Server-16.4-Information-Disclosure.html • CWE-732: Incorrect Permission Assignment for Critical Resource •