CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 2:1 a.m.•7 views

CVE-2023-24467

Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000...

9.8CVSS7.4AI score0.0074EPSS

RedhatCVE•added 2025/05/23 1:14 a.m.•6 views

CVE-2022-41221

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client Versions 16.2.3, 21.2, and older versions could upload XML files to the application that it did not sufficiently validate. As a result,...

7.1CVSS7AI score0.00116EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:19 a.m.•7 views

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

8.8CVSS7.8AI score0.01244EPSS

Exploits2References1

RedhatCVE•added 2025/05/23 12:19 a.m.•5 views

CVE-2022-45923

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The Common Gateway Interface CGI program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker...

8.8CVSS6.9AI score0.03068EPSS

Exploits2References1

RedhatCVE•added 2025/05/22 11:9 p.m.•4 views

CVE-2022-35898

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account...

9.8CVSS6.9AI score0.00373EPSS

RedhatCVE•added 2025/05/22 9:49 p.m.•5 views

CVE-2022-45925

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remoteadde and servername,...

7.5CVSS6.6AI score0.01743EPSS

RedhatCVE•added 2025/05/22 9:46 p.m.•5 views

CVE-2022-45924

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem...

8.1CVSS6.7AI score0.01233EPSS

RedhatCVE•added 2025/05/22 9:46 p.m.•7 views

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...

8.8CVSS6.9AI score0.02803EPSS

RedhatCVE•added 2025/05/22 9:46 p.m.•8 views

CVE-2022-45922

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the...

8.8CVSS6.9AI score0.02086EPSS

RedhatCVE•added 2025/05/22 9:44 p.m.•6 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

8.8CVSS6.7AI score0.02004EPSS

RedhatCVE•added 2025/05/22 9:29 p.m.•8 views

CVE-2021-3010

There are multiple persistent cross-site scripting XSS vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized...

5.4CVSS6.1AI score0.00187EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 9:25 p.m.•7 views

CVE-2021-38131

Possible Cross-Site Scripting XSS Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000...

6.1CVSS6.1AI score0.00206EPSS

RedhatCVE•added 2025/05/22 9:25 p.m.•5 views

CVE-2021-38117

Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000...

9.8CVSS8.9AI score0.00816EPSS

RedhatCVE•added 2025/05/22 8:8 p.m.•4 views

CVE-2021-38133

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000...

7.4CVSS7AI score0.003EPSS

RedhatCVE•added 2025/05/22 6:41 p.m.•2 views

CVE-2021-22518

A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0...

5.8CVSS6.5AI score0.00046EPSS

RedhatCVE•added 2025/05/22 6:32 p.m.•5 views

CVE-2021-31501

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

4.3CVSS6AI score0.00309EPSS

RedhatCVE•added 2025/05/22 6:9 p.m.•6 views

CVE-2021-38135

Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000...

9.8CVSS7AI score0.00095EPSS

RedhatCVE•added 2025/05/22 6:9 p.m.•5 views

CVE-2021-38119

Possible Reflected Cross-Site Scripting XSS Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000...

6.1CVSS6.1AI score0.0016EPSS