
1938 matches found

Prion
added 2014/05/19 2:55 p.m. | 13 views

Design/Logic Flaw

The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses...

CVSS 6.8 | AI score 6.6 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2014/05/19 2:55 p.m. | 12 views

Session fixation

OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network...

CVSS 6.4 | AI score 7.2 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2014/05/19 2:55 p.m. | 8 views

Design/Logic Flaw

OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file...

CVSS 5 | AI score 7 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2014/05/19 2:00 p.m. | 13 views

CVE-2013-6805

OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file...

AI score 6.5 | EPSS 0.0012
Exploits: 0 | References: 1
Cvelist
added 2014/05/19 2:00 p.m. | 17 views

CVE-2013-6807

The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses...

AI score 6.1 | EPSS 0.00159
Exploits: 0 | References: 1
Cvelist
added 2014/05/19 2:00 p.m. | 14 views

CVE-2013-6806

OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext...

AI score 6.2 | EPSS 0.00229
Exploits: 0 | References: 1
CVE
added 2014/05/19 2:00 p.m. | 40 views

CVE-2013-6994

CVE-2013-6994 affects OpenText Exceed OnDemand (EoD) 8. The issue is that the session ID is transmitted in cleartext, allowing remote attackers to perform session fixation by sniffing the network. The NVD entry documents a network-based attack with low attack complexity and no required authentica...

CVSS 6.4 | AI score 6.9 | EPSS 0.00243
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2014/05/19 2:00 p.m. | 44 views

CVE-2013-6805

OpenText Exceed OnDemand (EoD) 8 is affected by CVE-2013-6805 due to weak password encryption. The vulnerability enables credential disclosure either by sniffing network traffic or by local access reading a .eod8 file. The description does not specify affected versions beyond EoD 8, nor the exact...

CVSS 5 | AI score 6.7 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2014/05/19 2:00 p.m. | 18 views

CVE-2013-6994

OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network...

AI score 6.7 | EPSS 0.00243
Exploits: 0 | References: 1
CVE
added 2014/05/19 2:00 p.m. | 42 views

CVE-2013-6806

The CVE-2013-6806 entry concerns OpenText Exceed OnDemand (EoD) 8. A crafted response string allows a man-in-the-middle to disable bidirectional authentication, triggering a downgrade to simple authentication and sending credentials in plaintext. The vulnerability is network-exploitable with medi...

CVSS 6.8 | AI score 6.3 | EPSS 0.00229
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2014/05/19 2:00 p.m. | 41 views

CVE-2013-6807

CVE-2013-6807 affects OpenText Exceed OnDemand (EoD) 8. The vulnerability arises because the client supports anonymous ciphers by default, enabling man-in-the-middle attackers to bypass server certificate validation, redirect connections, and obtain sensitive information from crafted responses. R...

CVSS 6.8 | AI score 6.2 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2013/10/28 10:55 p.m. | 8 views

CVE-2013-3243

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

CVSS 6.8 | AI score 7.5 | EPSS 0.00437
Exploits: 1 | References: 2
Prion
added 2013/10/28 10:55 p.m. | 12 views

Security feature bypass

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

CVSS 6.8 | AI score 8 | EPSS 0.00437
Exploits: 1 | References: 2
Cvelist
added 2013/10/28 10:00 p.m. | 20 views

CVE-2013-3243

Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver allows remote attackers to execute arbitrary ABAP code via unknown vectors...

AI score 7.5 | EPSS 0.00437
Exploits: 1 | References: 2
CVE
added 2013/10/28 10:00 p.m. | 42 views

CVE-2013-3243

The CVE-2013-3243 issue affects OpenText/IXOS ECM for SAP NetWeaver (Doculink). It is a Remote ABAP Injection vulnerability that, per ESNC, could allow an attacker to inject and execute ABAP code on a remote SAP system. An exploit is claimed to exist in ESNC’s suite; vendor patching information p...

CVSS 6.8 | AI score 7.8 | EPSS 0.00437
Exploits: 1 | References: 2 | Affected Software: 1
securityvulns
added 2013/05/06 12:00 a.m. | 26 views

OpenText/IXOS ECM for SAP NetWeaver code execution

ABAP code injection...

CVSS 6.8 | AI score 2.5 | EPSS 0.00437
Exploits: 1 | References: 1
securityvulns
added 2013/05/06 12:00 a.m. | 37 views

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004: Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver. Please refer to http://www.esnc.de for the original security advisory, updates and additional information. 1. Business Impact...

CVSS 6.8 | AI score 7 | EPSS 0.00437
Exploits: 1
NVD
added 2012/11/26 11:55 p.m. | 10 views

CVE-2010-5283

Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions...

CVSS 6.8 | AI score 7.1 | EPSS 0.0013
Exploits: 1 | References: 5
Prion
added 2012/11/26 11:55 p.m. | 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to...

CVSS 4.3 | AI score 6 | EPSS 0.00515
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2012/11/26 11:55 p.m. | 12 views

CVE-2010-5282

Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00515
Exploits: 1 | References: 6