| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. |
| The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. |
| External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2. |
| Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2. |
| External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file
path and then download the specified file from the system by requesting the
stored document ID.
This issue affects Flipper: 3.1.2. |
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.
This issue affects Flipper: 3.1.2. |
| SQL Injection vulnerability in opentext Flipper allows SQL Injection.
The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.
This issue affects Flipper: 3.1.2. |
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.
This issue affects Flipper: 3.1.2. |
| In a specific scenario a LDAP user can abuse the authentication process using injection attack in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) |
| In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known. |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass.This issue affects Self Service Password Reset from before 4.8 patch 3. |
| A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. |
| An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. |
| A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0. |
| Allocation of Resources Without Limits or Throttling vulnerability in OpenText NetIQ Privileged Account Manager on Linux, Windows, 64 bit allows Flooding.This issue affects NetIQ Privileged Account Manager: before 3.7.0.2.
|
| CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer.
|
| Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. |
| Possible improper input validation Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The
vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4. |
