OpenText: Security Vulnerabilities, CVEs, CVSS score >= 9
OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.
Max CVSS: 9.8; EPSS Score: 0.13%; Published: 2023-05-01; Updated: 2023-05-06
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory listings or system files, or cause SSRF or Denial of Service.
Max CVSS: 9.8; EPSS Score: 0.24%; Published: 2017-10-03; Updated: 2017-10-11
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532.
Max CVSS: 9.0; EPSS Score: 0.72%; Published: 2017-04-21; Updated: 2019-10-03
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.
Max CVSS: 9.8; EPSS Score: 9.41%; Published: 2017-02-22; Updated: 2017-03-01
4 vulnerabilities found