CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7650 – Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
https://notcve.org/view.php?id=CVE-2024-7650
10 Jul 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0844620 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2025-0885 – Incorrect Authorization vulnerability affects OpenText™ GroupWise
https://notcve.org/view.php?id=CVE-2025-0885
03 Jul 2025 — Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects GroupWise versions 7 through 17.5, 23.4, 24.1, 24.2, 24.3, 24.4. • https://portal.microfocus.com/s/article/KM000041560?language=en_US • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2236 – Exposure of Sensitive System Information vulnerability during configuration affecting OpenText Advanced Authentication.
https://notcve.org/view.php?id=CVE-2025-2236
27 May 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the external services. This issue affects Advanced Authentication versions before 6.5. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could ... • https://portal.microfocus.com/s/article/KM000039947 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3272 – Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager.
https://notcve.org/view.php?id=CVE-2025-3272
07 May 2025 — Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge Manager: 24.2, 24.4. • https://portal.microfocus.com/s/article/KM000040405 • CWE-863: Incorrect Authorization •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-3476
https://notcve.org/view.php?id=CVE-2025-3476
07 May 2025 — Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4. • https://portal.microfocus.com/s/article/KM000040406?language=en_US • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12706 – SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
https://notcve.org/view.php?id=CVE-2024-12706
28 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2025-2517 – Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager
https://notcve.org/view.php?id=CVE-2025-2517
21 Apr 2025 — Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Referencia a la vulnerabilidad de dominio expirado en OpenText™ ArcSight Enterprise Security Manager. • https://portal.microfocus.com/s/article/KM000040103 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12862 – REST API allows users without permissions to remove external collaborators
https://notcve.org/view.php?id=CVE-2024-12862
21 Apr 2025 — Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. La vulnerabilidad de autorización incorrecta en la API REST de OpenText Content Server en Windows y Linux permite a los usuarios sin los permisos adecuados eliminar colaboradores externos. Este problema afecta a Content Server: 20.2-24.4. • https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0839115 • CWE-863: Incorrect Authorization •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12530 – Insecure Dynamic-Link Library (DLL) Load vulnerability
https://notcve.org/view.php?id=CVE-2024-12530
17 Apr 2025 — Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application. • https://portal.microfocus.com/s/article/KM000040073? • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-0883 – vulnerability has been discovered in OpenText™ Service Manager.
https://notcve.org/view.php?id=CVE-2025-0883
12 Mar 2025 — Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80. • https://portal.microfocus.com/s/article/KM000037099?language=en_US • CWE-81: Improper Neutralization of Script in an Error Message Web Page •