Vulnerabilites related to OpenText - OpenText Content Management
CVE-2025-8716 (GCVE-0-2025-8716)
Vulnerability from cvelistv5
Published
2025-09-11 13:42
Modified
2025-09-11 14:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | OpenText Content Management |
Version: 20.4-25.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T14:16:13.503272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:16:18.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "OpenText Content Management",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "20.4-25.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armin Stock"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T13:42:01.686Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847046"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cache exploitation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8716",
"datePublished": "2025-09-11T13:42:01.686Z",
"dateReserved": "2025-08-07T16:57:28.140Z",
"dateUpdated": "2025-09-11T14:16:18.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12543 (GCVE-0-2024-12543)
Vulnerability from cvelistv5
Published
2025-04-21 15:14
Modified
2025-04-21 15:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-841 - Improper Enforcement of Behavioral Workflow
Summary
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | OpenText Content Management |
Version: 24.3-25.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12543",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T15:36:33.301804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:36:51.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "OpenText Content Management",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "24.3-25.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hussein Bahmad (NTT Data)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes."
}
],
"value": "User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous authenticated attacker to potentially alter barcode attributes."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-841",
"description": "CWE-841: Improper Enforcement of Behavioral Workflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:14:20.984Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0839119"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A user enumeration and subsequent data integrity vulnerability affecting barcode functionality",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-12543",
"datePublished": "2025-04-21T15:14:20.984Z",
"dateReserved": "2024-12-11T21:04:20.710Z",
"dateUpdated": "2025-04-21T15:36:51.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12863 (GCVE-0-2024-12863)
Vulnerability from cvelistv5
Published
2025-04-21 15:13
Modified
2025-04-21 15:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText | OpenText Content Management |
Version: 20.2-25.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T15:18:43.387563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:24:29.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "OpenText Content Management",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "20.2-25.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hussein Bahmad (NTT Data)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system."
}
],
"value": "Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T15:13:04.555Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0839121"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored XSS in Discussions functionality",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-12863",
"datePublished": "2025-04-21T15:13:04.555Z",
"dateReserved": "2024-12-20T18:07:11.848Z",
"dateUpdated": "2025-04-21T15:24:29.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}