cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8125,https://securityvulnerability.io/vulnerability/CVE-2024-8125,Improper Input Validation in OpenText Content Management Products,"An improper validation of specified input types in OpenText™ Content Management (Extended ECM) can lead to parameter injection vulnerabilities. Attackers with the requisite privileges can exploit this flaw to execute malicious code remotely on affected systems. This vulnerability primarily impacts versions 10.0 through 24.4 of OpenText Content Management with the WebReports module enabled, thereby posing significant security risks to organizations using these systems. Timely patching and updates are essential to mitigate potential threats stemming from this vulnerability.",Opentext™,Content Management (extended Ecm),5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-04T21:27:27.804Z,0
CVE-2024-7085,https://securityvulnerability.io/vulnerability/CVE-2024-7085,Cross-Site Scripting Vulnerability in OpenText Solutions Business Manager,"An XSS vulnerability exists in OpenText Solutions Business Manager (SBM) that allows attackers to perform stored cross-site scripting, potentially leading to unauthorized access to private information.
This vulnerability highlights the risk of improper input neutralization during web page generation, enabling malicious actors to inject harmful scripts that can compromise user data and application integrity.",Opentext™,Solutions Business Manager (sbm),8.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-15T16:38:55.440Z,0
CVE-2024-12111,https://securityvulnerability.io/vulnerability/CVE-2024-12111,Authentication Bypass Vulnerability in OpenText Privileged Access Manager,"CVE-2024-12111 is a security vulnerability that occurs within the OpenText Privileged Access Manager under specific conditions, enabling LDAP users to exploit the authentication process and gain unauthorized access. This vulnerability impacts Privileged Access Manager versions 23.3 (4.4) and 24.3 (4.5), posing significant risks to organizations utilizing these versions, allowing potential attackers to circumvent security measures and access sensitive information. Organizations are urged to review the security implications of this vulnerability and implement recommended updates to mitigate risks.",Opentext,Privileged Access Manager,8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:10:58.346Z,0
CVE-2021-22501,https://securityvulnerability.io/vulnerability/CVE-2021-22501,XML External Entity Reference Vulnerability in OpenText Operations Bridge Manager,"CVE-2021-22501 is a vulnerability affecting OpenText's Operations Bridge Manager, characterized by improper restriction of XML External Entity (XXE) references. This vulnerability allows attackers to manipulate input data, potentially leading to unauthorized access and exposure of sensitive information. The following versions of Operations Bridge Manager are affected: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, and 2020.10.
Organizations using any of these versions should take immediate steps to patch and protect their systems to mitigate the risk of exploitation.",Opentext™,Operations Bridge Manager,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T16:55:09.921Z,0
CVE-2019-17082,https://securityvulnerability.io/vulnerability/CVE-2019-17082,Authentication Bypass Vulnerability in AccuRev for LDAP Integration,"The insufficiently protected credentials vulnerability in OpenText AccuRev presents a significant security risk, particularly for installations on Linux and Solaris systems. This flaw allows an attacker with knowledge of a valid AccuRev username to gain unauthorized access to AccuRev source control through the AccuRev client, bypassing the need for the user's password. Organizations using AccuRev 2017.1 must take immediate precautions to secure their systems against potential exploitation of this vulnerability.",Opentext™,Accurev,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-26T19:31:57.665Z,0
CVE-2024-10863,https://securityvulnerability.io/vulnerability/CVE-2024-10863,Audit Log Manipulation Vulnerability in OpenText Secure Content Manager,"Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation. This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.",Opentext,Secure Content Manager,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:36:39.075Z,0
CVE-2021-38116,https://securityvulnerability.io/vulnerability/CVE-2021-38116,Potential Privilege Escalation Vulnerability in iManager,"An elevation of privilege vulnerability has been identified in the OpenText iManager, affecting all versions prior to 3.2.5. This flaw allows an attacker to gain unauthorized access and control over system resources.
Implementing the latest security updates is crucial to mitigate potential risks associated with this vulnerability and protect sensitive information from unauthorized modifications.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:43.211Z,0
CVE-2021-38117,https://securityvulnerability.io/vulnerability/CVE-2021-38117,Potential Command Injection Vulnerability Discovered in OpenText iManager,"A command injection vulnerability has been identified in OpenText™ iManager 3.2.4.0000, which could allow an attacker to execute arbitrary commands on the system. This could lead to unauthorized control over the application, enabling further attacks or data breaches. It is crucial to address this vulnerability to ensure the integrity and security of the affected systems.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:41.566Z,0
CVE-2021-38118,https://securityvulnerability.io/vulnerability/CVE-2021-38118,Possible Improper Input Validation Vulnerability Discovered in OpenText iManager 3.2.4.0000,"An improper input validation vulnerability has been identified in OpenText™ iManager version 3.2.4.0000. This issue may allow malicious actors to exploit the system by providing unexpected or harmful input, potentially leading to unauthorized access, data manipulation, or compromise. Users of the affected version are advised to assess their security posture and implement necessary updates to mitigate any risks associated with this vulnerability.",Opentext,Imanager,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:40.183Z,0
CVE-2021-38119,https://securityvulnerability.io/vulnerability/CVE-2021-38119,Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager,"A reflected cross-site scripting vulnerability has been identified in OpenText™ iManager version 3.2.4.0000.
This vulnerability allows attackers to inject malicious scripts into the application, which could be executed in the context of a user's browser. As a result, users may inadvertently execute harmful scripts that could compromise their session or extract sensitive information. Organizations using OpenText™ iManager are advised to review their security posture and implement appropriate safeguards to mitigate the risk associated with this vulnerability.",Opentext,Imanager,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:38.178Z,0
CVE-2021-38134,https://securityvulnerability.io/vulnerability/CVE-2021-38134,iManager 3.2.5.0000 Vulnerable to XSS Attacks,"A cross-site scripting (XSS) vulnerability has been identified in the OpenText iManager 3.2.5.0000, specifically in the URL access component. This vulnerability permits an attacker to inject malicious scripts into the web interface. Successful exploitation could lead to unauthorized access and manipulation of user sessions. Organizations using this version of OpenText iManager are advised to implement security measures to sanitize input and upgrade to a secure version to mitigate potential risks.",Opentext,Imanager,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:36.023Z,0
CVE-2021-38135,https://securityvulnerability.io/vulnerability/CVE-2021-38135,iManager External Service Interaction Vulnerability,"An external service interaction vulnerability has been identified in OpenText iManager version 3.2.6.0000. This flaw enables attackers to exploit the system through unintended interactions with external services, posing security risks and potential unauthorized access.
Users of the affected version should implement security measures to mitigate potential threats and ensure system integrity.",Opentext,Imanager,8.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:34.561Z,0
CVE-2022-26324,https://securityvulnerability.io/vulnerability/CVE-2022-26324,Possible XSS in iManager URL for access Component,An improperly sanitized URL in the OpenText iManager's access component may allow attackers to execute cross-site scripting (XSS) attacks. This vulnerability could enable unauthorized access to sensitive information or manipulation of webpage content. Organizations using OpenText iManager 3.2.6.0000 are advised to apply available patches and implement security best practices to mitigate potential risks associated with this flaw.,Opentext,Imanager,7.6,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:33.159Z,0
CVE-2023-24466,https://securityvulnerability.io/vulnerability/CVE-2023-24466,iManager GET Parameter Injection Vulnerability,"An XML External Entity Injection vulnerability has been identified in OpenText™ iManager, specifically within the GET parameter of version 3.2.6.0200. This security flaw can allow attackers to exploit XML input, leading to potential disclosure of sensitive information or unauthorized access to system resources. Proper validation and sanitization of XML data inputs are crucial to mitigating such risks and ensuring the safety of the environment.",Opentext,Imanager,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:31.683Z,0
CVE-2023-24467,https://securityvulnerability.io/vulnerability/CVE-2023-24467,iManager GET Parameter Vulnerability,"A vulnerability in OpenText™ iManager allows for command injection through the manipulation of GET parameters.
This flaw, identified in version 3.2.6.0000, could enable attackers to execute arbitrary commands on the server, potentially compromising user data and system integrity. Administrators are urged to assess their systems and apply necessary mitigations to address this security risk.",Opentext,Imanager,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-22T15:34:29.957Z,0
CVE-2024-10923,https://securityvulnerability.io/vulnerability/CVE-2024-10923,Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management.,"Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack. This issue affects ALM Octane Management: from 16.2.100 through 24.4.",Opentext™,Alm Octane Management,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-9841,https://securityvulnerability.io/vulnerability/CVE-2024-9841,Reflected Cross-Site Scripting (XSS) Vulnerability Identified in OpenText ArcSight Management Center and ArcSight Platform,"A reflected cross-site scripting (XSS) vulnerability exists in OpenText's ArcSight Management Center and ArcSight Platform. This security flaw allows attackers to inject malicious scripts into web applications, which can be executed in users' browsers.
If exploited, this vulnerability could enable remote attackers to perform actions on behalf of users, potentially leading to unauthorized access to sensitive information and a compromise of the affected systems.",Opentext,"Arcsight Management Center,Arcsight Platform",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-08T17:58:53.697Z,0
CVE-2020-11859,https://securityvulnerability.io/vulnerability/CVE-2020-11859,iManager vulnerable to XSS via Improper Input Validation,"An improper input validation vulnerability exists in OpenText iManager, which allows an attacker to exploit the application and execute Cross-Site Scripting (XSS) attacks. This vulnerability potentially permits the injection of malicious scripts into web pages viewed by other users, compromising their data and enabling session hijacking. Systems utilizing versions of iManager prior to 3.2.3 are susceptible to this security flaw, necessitating immediate action to upgrade to a secure version and mitigate risk.",Opentext,Imanager,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-06T14:10:59.925Z,0
CVE-2024-5532,https://securityvulnerability.io/vulnerability/CVE-2024-5532,Cross-site Scripting Vulnerability in OpenText Operations Agent,"An XSS vulnerability in OpenText Operations Agent allows attackers with local admin permissions to alter the internal status page content of the Agent on the affected local systems. This could lead to unauthorized data manipulation and potential exploitation of user sessions.
The issue affects several versions of the Operations Agent, emphasizing the need for users to update their software to mitigate risks associated with this vulnerability.",OpenText,Operations Agent,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-28T19:15:00.000Z,0
CVE-2024-4692,https://securityvulnerability.io/vulnerability/CVE-2024-4692,Incorrect Access Control Security Levels Allow for Unauthorized Data Access,"Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.",OpenText,Application Automation Tools,2.4,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-4184,https://securityvulnerability.io/vulnerability/CVE-2024-4184,DTD Injection Vulnerability in OpenText Application Automation Tools,"The vulnerability in OpenText Application Automation Tools arises from an improper restriction of XML External Entity (XXE) references. This flaw enables an attacker to exploit the application by injecting a Document Type Definition (DTD), which may lead to unauthorized access to sensitive information or manipulation of the application's data.
Affected versions include OpenText Application Automation Tools 24.1.0 and earlier, highlighting the critical need for immediate remediation to safeguard against potential exploits.",OpenText,Application Automation Tools,8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2024-4211,https://securityvulnerability.io/vulnerability/CVE-2024-4211,Invalid Permission Checks in ALM Job Configuration Could Allow Access to Sensitive Data,"Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.",OpenText,Application Automation Tools,2.4,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-16T17:15:00.000Z,0
CVE-2023-32266,https://securityvulnerability.io/vulnerability/CVE-2023-32266,Untrusted Search Path Vulnerability Affects OpenText ALM and Quality Center,"Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality Center allows Code Inclusion. The vulnerability allows a user to archive malicious DLLs on the system prior to the installation.
This issue affects Application Lifecycle Management (ALM), Quality Center: 15.00, 15.01, 15.01 P1, 15.01 P2, 15.01 P3, 15.01 P4, 15.01 P5, 15.51, 15.51 P1, 15.51 P2, 15.51 P3, 16.00, 16.01 P1.",Opentext™,"Application Lifecycle Management (alm),quality Center",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-16T16:28:39.168Z,0
CVE-2024-6360,https://securityvulnerability.io/vulnerability/CVE-2024-6360,Incorrect Permission Assignment in OpenText Vertica Affecting Multiple Versions,"An incorrect permission assignment vulnerability exists in OpenText Vertica that could lead to privilege abuse, allowing unauthorized access to sensitive resources such as the Vertica agent API key. This flaw affects several versions of Vertica, potentially compromising the security of the application and its data integrity.",OpenText,Vertica,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-02T16:15:00.000Z,0
CVE-2021-22503,https://securityvulnerability.io/vulnerability/CVE-2021-22503,eDirectory Web Page Generation Vulnerability,"A vulnerability has been identified in OpenText™ eDirectory, specifically relating to improper neutralization of input during web page generation. This issue, present in version 9.2.3.0000, could allow an attacker to exploit the application through inadequately sanitized data inputs, potentially leading to unexpected behaviors in the web application, including security breaches and data manipulation risks.",Opentext,Edirectory,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-12T12:44:45.771Z,0