cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-7085,https://securityvulnerability.io/vulnerability/CVE-2024-7085,Cross-Site Scripting Vulnerability in OpenText Solutions Business Manager,"An XSS vulnerability exists in OpenText Solutions Business Manager (SBM) that allows attackers to perform stored cross-site scripting, potentially leading to unauthorized access to private information. This vulnerability highlights the risk of improper input neutralization during web page generation, enabling malicious actors to inject harmful scripts that can compromise user data and application integrity.",Opentext™,Solutions Business Manager (sbm),8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T16:38:55.440Z,0
CVE-2024-12111,https://securityvulnerability.io/vulnerability/CVE-2024-12111,Authentication Bypass Vulnerability in OpenText Privileged Access Manager,"CVE-2024-12111 is a security vulnerability that occurs within the OpenText Privileged Access Manager under specific conditions, enabling LDAP users to exploit the authentication process and gain unauthorized access. This vulnerability impacts Privileged Access Manager versions 23.3 (4.4) and 24.3 (4.5), posing significant risks to organizations utilizing these versions, allowing potential attackers to circumvent security measures and access sensitive information. Organizations are urged to review the security implications of this vulnerability and implement recommended updates to mitigate risks.",Opentext,Privileged Access Manager,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:10:58.346Z,0
CVE-2021-38116,https://securityvulnerability.io/vulnerability/CVE-2021-38116,Potential Privilege Escalation Vulnerability in iManager,"An elevation of privilege vulnerability has been identified in the OpenText iManager, affecting all versions prior to 3.2.5. This flaw allows an attacker to gain unauthorized access and control over system resources. Implementing the latest security updates is crucial to mitigate potential risks associated with this vulnerability and protect sensitive information from unauthorized modifications.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:43.211Z,0
CVE-2021-38117,https://securityvulnerability.io/vulnerability/CVE-2021-38117,Potential Command Injection Vulnerability Discovered in OpenText iManager,"A command injection vulnerability has been identified in OpenText™ iManager 3.2.4.0000, which could allow an attacker to execute arbitrary commands on the system. This could lead to unauthorized control over the application, enabling further attacks or data breaches. It is crucial to address this vulnerability to ensure the integrity and security of the affected systems.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:41.566Z,0
CVE-2021-38135,https://securityvulnerability.io/vulnerability/CVE-2021-38135,iManager External Service Interaction Vulnerability,"An external service interaction vulnerability has been identified in OpenText iManager version 3.2.6.0000. This flaw enables attackers to exploit the system through unintended interactions with external services, posing security risks and potential unauthorized access. Users of the affected version should implement security measures to mitigate potential threats and ensure system integrity.",Opentext,Imanager,8.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:34.561Z,0
CVE-2022-26324,https://securityvulnerability.io/vulnerability/CVE-2022-26324,Possible XSS in iManager URL for access Component,An improperly sanitized URL in the OpenText iManager's access component may allow attackers to execute cross-site scripting (XSS) attacks. This vulnerability could enable unauthorized access to sensitive information or manipulation of webpage content. Organizations using OpenText iManager 3.2.6.0000 are advised to apply available patches and implement security best practices to mitigate potential risks associated with this flaw.,Opentext,Imanager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:33.159Z,0
CVE-2023-24466,https://securityvulnerability.io/vulnerability/CVE-2023-24466,iManager GET Parameter Injection Vulnerability,"An XML External Entity Injection vulnerability has been identified in OpenText™ iManager, specifically within the GET parameter of version 3.2.6.0200. This security flaw can allow attackers to exploit XML input, leading to potential disclosure of sensitive information or unauthorized access to system resources. Proper validation and sanitization of XML data inputs are crucial to mitigating such risks and ensuring the safety of the environment.",Opentext,Imanager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:31.683Z,0
CVE-2023-24467,https://securityvulnerability.io/vulnerability/CVE-2023-24467,iManager GET Parameter Vulnerability,"A vulnerability in OpenText™ iManager allows for command injection through the manipulation of GET parameters. This flaw, identified in version 3.2.6.0000, could enable attackers to execute arbitrary commands on the server, potentially compromising user data and system integrity. Administrators are urged to assess their systems and apply necessary mitigations to address this security risk.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:29.957Z,0
CVE-2024-4184,https://securityvulnerability.io/vulnerability/CVE-2024-4184,DTD Injection Vulnerability in OpenText Application Automation Tools,"The vulnerability in OpenText Application Automation Tools arises from an improper restriction of XML External Entity (XXE) references. This flaw enables an attacker to exploit the application by injecting a Document Type Definition (DTD), which may lead to unauthorized access to sensitive information or manipulation of the application's data. Affected versions include OpenText Application Automation Tools 24.1.0 and earlier, highlighting the critical need for immediate remediation to safeguard against potential exploits.",OpenText,Application Automation Tools,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2021-22532,https://securityvulnerability.io/vulnerability/CVE-2021-22532,Possible NLDAP Denial of Service Vulnerability Discovered in eDirectory,"OpenText™ eDirectory is susceptible to a denial of service attack via the NLDAP interface, which may result in service disruption and hinder proper user access. The vulnerability exists in versions prior to 9.2.4.0000, posing risks to organizations relying on this directory service for essential operations. It is crucial for users of OpenText™ eDirectory to monitor updates and apply necessary patches to maintain the integrity and availability of their network infrastructure.",Opentext,Edirectory,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-12T12:44:20.724Z,0
CVE-2021-22533,https://securityvulnerability.io/vulnerability/CVE-2021-22533,Possible Insertion of Sensitive Information into Log File Vulnerability,"A vulnerability in OpenText™ eDirectory allows for the potential insertion of sensitive information into log files, which may lead to unintended data exposure. This flaw could compromise the confidentiality and integrity of sensitive data stored within the affected system. Organizations using OpenText eDirectory version 9.2.4.0000 should be aware of this vulnerability and consider implementing protective measures to mitigate the risk of unauthorized access to confidential information.",Opentext,Edirectory,9.1,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-12T12:43:51.734Z,0
CVE-2021-38132,https://securityvulnerability.io/vulnerability/CVE-2021-38132,Possible External Service Interaction Attack in eDirectory,"An external service interaction vulnerability has been identified in OpenText eDirectory, allowing potential attackers to exploit this weakness in versions preceding 9.2.6.0000. Organizations using affected versions are advised to apply patches to mitigate the risks associated with this vulnerability, as it may enable malicious actors to interact with external services in an unintended manner.",Opentext,Edirectory,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-09-12T12:42:19.675Z,0
CVE-2022-26322,https://securityvulnerability.io/vulnerability/CVE-2022-26322,Possible Insertion of Sensitive Information into Log File Vulnerability Discovered in OpenText Identity Manager REST Driver,"A vulnerability in the OpenText Identity Manager REST Driver allows the potential insertion of sensitive information into log files. This issue can lead to unintentional exposure of sensitive data, thereby increasing the risk of data breaches. Targeted versions prior to 1.1.2.0200 are impacted, highlighting the need for timely updates and monitoring of log file contents to prevent information leakage.",Opentext,Identity Manager Rest Driver 1.1.2.0200,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-12T12:40:22.648Z,0
CVE-2021-22530,https://securityvulnerability.io/vulnerability/CVE-2021-22530,NetIQ Advance Authentication Vulnerability Could Lead to User Account Compromise or Server Performance Issues,"A critical security flaw exists in NetIQ Advance Authentication, which fails to implement effective account lockout mechanisms during brute force attacks on API logins. This oversight may allow unauthorized users to gain access to accounts by incrementally guessing credentials, thereby risking user account compromise and potentially degrading server performance. All versions of NetIQ Advance Authentication prior to 6.3.5.1 are affected, emphasizing the importance of maintaining updated software to mitigate risks associated with this vulnerability.",Opentext,Netiq Advance Authentication,9.9,CRITICAL,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-08-28T06:29:20.166Z,0
CVE-2021-38120,https://securityvulnerability.io/vulnerability/CVE-2021-38120,Backup Functionality Vulnerable to Bash Command Injection via Improper Command Parameter Handling,"A vulnerability in NetIQ Advance Authentication has been identified, allowing for potential bash command injection via improperly handled command parameters. This flaw specifically affects the backup functionalities under administrative control. Administrators utilizing versions of NetIQ Advance Authentication prior to 6.3.5.1 are at risk, as this vulnerability may enable attackers to execute arbitrary commands, thereby compromising the security of the system.",Opentext,Netiq Advance Authentication,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-28T06:28:55.684Z,0
CVE-2021-38121,https://securityvulnerability.io/vulnerability/CVE-2021-38121,Insufficient TLS Protocol Version Risk Affects Authentication Client Server Communication,"The vulnerability arises from the use of insufficient or weak TLS protocol versions in the NetIQ Advanced Authentication client-server communication. This weakness can potentially allow attackers to exploit the specific service accessed between devices, making the system vulnerable to interception and unauthorized access. It is crucial for users running versions of NetIQ Advanced Authentication earlier than 6.3.5.1 to address this issue promptly to enhance the security of their authentication systems.",Opentext,Netiq Advance Authentication,8.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-08-28T06:28:43.452Z,0
CVE-2021-38122,https://securityvulnerability.io/vulnerability/CVE-2021-38122,Cross-Site Scripting Vulnerability Affects NetIQ Advance Authentication,"A Cross-Site Scripting vulnerability exists in NetIQ Advance Authentication affecting versions prior to 6.3.5.1. This vulnerability can impact the server's functionality, potentially allowing an attacker to execute arbitrary scripts in the context of the user's session. As a result, sensitive information may be disclosed, posing serious security risks. It is essential for organizations using this product to apply the latest updates to mitigate this vulnerability.",Opentext,Netiq Advance Authentication,8.2,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2024-08-28T06:28:29.654Z,0
CVE-2024-4555,https://securityvulnerability.io/vulnerability/CVE-2024-4555,Potential for User Account Impersonation Through Improper Privilege Management,"A vulnerability exists within OpenText NetIQ Access Manager which allows for improper privilege management, enabling user account impersonation under certain conditions. This vulnerability affects versions of NetIQ Access Manager prior to 5.0.4.1 and 5.1. Organizations using these versions are advised to assess their systems for potential exposure and apply the necessary patches to mitigate the risks associated with this security flaw.",Opentext,Netiq Access Manager,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-08-28T06:27:21.348Z,0
CVE-2024-4556,https://securityvulnerability.io/vulnerability/CVE-2024-4556,Access to Sensitive Information Compromised by Path Traversal Vulnerability in OpenText NetIQ Access Manager,"A vulnerability exists in OpenText NetIQ Access Manager that allows improper limitation of a pathname, enabling attackers to perform path traversal attacks. This can lead to unauthorized access to sensitive information, potentially compromising the security of affected systems. The issue is present in versions prior to 5.0.4 and 5.1, creating an urgency for users to apply the latest security updates to mitigate risks associated with this flaw.",Opentext,Netiq Access Manager,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-08-28T06:27:07.990Z,0
CVE-2023-7260,https://securityvulnerability.io/vulnerability/CVE-2023-7260,Arbitrary File Access Vulnerability in OpenText CX-E Voice,"A Path Traversal vulnerability has been identified in OpenText CX-E Voice, allowing unauthorized users to access restricted system files. This issue impacts all versions of the product up to and including version 22.4. The vulnerability can be exploited by manipulating file paths, enabling an attacker to traverse directories and gain access to files that should be safeguarded. Organizations utilizing OpenText CX-E Voice must take proactive measures to secure their systems against this potential threat.",Opentext™,Cx-e Voice,7.5,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2024-08-22T20:54:55.297Z,0
CVE-2020-11847,https://securityvulnerability.io/vulnerability/CVE-2020-11847,SSH Authenticated Users Can Execute OS Commands for Full System Access,"An issue exists within NetIQ's Privileged Access Manager that allows SSH authenticated users to execute arbitrary OS commands on the PAM server. This vulnerability permits full system access through the exploitation of the command execution capability via the shell (bash). Organizations utilizing affected versions of Privileged Access Manager prior to 3.7.0.1 may face significant security risks, including unauthorized access and potential system compromise.",Opentext,Privileged Access Manager,7.8,HIGH,0.0017399999778717756,false,,false,false,false,,,false,false,,2024-08-21T13:38:44.228Z,0
CVE-2020-11846,https://securityvulnerability.io/vulnerability/CVE-2020-11846,Unrestricted Access Vulnerability in OpenText Privileged Access Manager,"A vulnerability in OpenText Privileged Access Manager allows for improper access control due to the issuance of a token that sets a cookie, granting unrestricted access to all application resources. This issue potentially exposes sensitive information and affects versions prior to 3.7.0.1, emphasizing the need for prompt updates to mitigate the risk of unauthorized access.",Opentext,Privileged Access Manager,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-08-21T13:37:11.454Z,0
CVE-2023-7249,https://securityvulnerability.io/vulnerability/CVE-2023-7249,Path Traversal Vulnerability in OpenText Directory Services,"A vulnerability exists in OpenText Directory Services that allows unauthorized users to exploit improper limitations on pathname restrictions, leading to Path Traversal. This security flaw permits adversaries to manipulate paths and potentially access sensitive data beyond designated directory boundaries. Affected versions span from 16.4.2 up to, but not including, 24.1, necessitating immediate action for securing affected installations against possible exploitation.",Opentext,Opentext Directory Services,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-12T15:59:00.272Z,0
CVE-2024-6357,https://securityvulnerability.io/vulnerability/CVE-2024-6357,Insecure Direct Object Reference exposed in OpenText ArcSight Intelligence,"An Insecure Direct Object Reference vulnerability has been identified in OpenText ArcSight Intelligence, a widely used security analytics tool. This vulnerability allows unauthorized access to sensitive data, potentially leading to data breaches and user data exposure. Attackers can exploit this weakness to manipulate object references and gain access to resources they should not be able to see or use. Organizations using this product should implement recommended security patches and review their security configurations to mitigate risks associated with this vulnerability. Users are encouraged to stay informed about the security advisories from OpenText to ensure their systems are protected against potential exploit attempts.",Opentext,Arcsight Intelligence,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-06T13:08:46.927Z,0
CVE-2024-6359,https://securityvulnerability.io/vulnerability/CVE-2024-6359,Privilege Escalation Vulnerability Discovered in OpenText ArcSight Intelligence,"A privilege escalation vulnerability has been identified in OpenText ArcSight Intelligence that may allow attackers to gain unauthorized access to sensitive functionalities or data within the platform. This issue poses significant risks to organizations relying on OpenText solutions for security monitoring and incident response, as it could enable users with lower privileges to elevate their access levels, thereby compromising the integrity and confidentiality of the system.",Opentext,Arcsight Intelligence,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-06T13:08:45.219Z,0