Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    86 vulnerabilities by OpenText™

    CVE-2026-3278 (GCVE-0-2026-3278)

    Vulnerability from nvd – Published: 2026-03-18 13:49 – Updated: 2026-03-18 14:12
    VLAI
    Title
    XSS Vulnerability discovered in OpenText™ ZENworks Service Desk.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ ZENworks Service Desk Affected: 25.2
    Affected: 25.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T14:10:10.301019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:12:07.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ZENworks Service Desk",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "25.2"
                },
                {
                  "status": "affected",
                  "version": "25.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 ZENworks Service Desk allows Cross-Site Scripting (XSS).\u0026nbsp;The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.\u003cp\u003eThis issue affects ZENworks Service Desk: 25.2, 25.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 ZENworks Service Desk allows Cross-Site Scripting (XSS).\u00a0The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T13:49:28.815Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XSS Vulnerability discovered in OpenText\u2122 ZENworks Service Desk.",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-3278",
        "datePublished": "2026-03-18T13:49:28.815Z",
        "dateReserved": "2026-02-26T15:39:16.290Z",
        "dateUpdated": "2026-03-18T14:12:07.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12455 (GCVE-0-2025-12455)

    Vulnerability from nvd – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:33
    VLAI
    Title
    Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.   The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable response discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:33:33.057816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:33:40.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u0026nbsp;\u0026nbsp;\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.\u003c/p\u003e"
                }
              ],
              "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable response discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:27.903Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12455",
        "datePublished": "2026-03-13T18:30:27.903Z",
        "dateReserved": "2025-10-28T21:28:44.651Z",
        "dateUpdated": "2026-03-13T19:33:40.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12454 (GCVE-0-2025-12454)

    Vulnerability from nvd – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:33
    VLAI
    Title
    Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Affected: 23.0 , ≤ 23.x (custom)
    Affected: 24.0 , ≤ 24.x (custom)
    Affected: 25.1.0 , ≤ 25.1.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:33:51.059348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:33:59.150Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.x",
                  "status": "affected",
                  "version": "23.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.x",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.1.x",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u0026nbsp;\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u00a0\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:40.822Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12454",
        "datePublished": "2026-03-13T18:30:40.822Z",
        "dateReserved": "2025-10-28T21:28:35.834Z",
        "dateUpdated": "2026-03-13T19:33:59.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12453 (GCVE-0-2025-12453)

    Vulnerability from nvd – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:34
    VLAI
    Title
    Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Affected: 23.0 , ≤ 23.x (custom)
    Affected: 24.0 , ≤ 24.x (custom)
    Affected: 25.1.0 , ≤ 25.1.x (custom)
    Affected: 25.2.0 , ≤ 25.2.x (custom)
    Affected: 25.3.0 , ≤ 25.3.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12453",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:34:12.635859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:34:21.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.x",
                  "status": "affected",
                  "version": "23.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.x",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.1.x",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.2.x",
                  "status": "affected",
                  "version": "25.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.3.x",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u0026nbsp;\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u00a0\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:53.495Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12453",
        "datePublished": "2026-03-13T18:30:53.495Z",
        "dateReserved": "2025-10-28T21:28:28.343Z",
        "dateUpdated": "2026-03-13T19:34:21.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3266 (GCVE-0-2026-3266)

    Vulnerability from nvd – Published: 2026-03-03 22:28 – Updated: 2026-03-04 16:26
    VLAI
    Title
    Improper access control vulnerability has been discovered in OpenText™ Filr.
    Summary
    Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Filr Affected: 0 , ≤ 25.1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T16:26:21.725679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T16:26:30.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Filr",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in OpenText\u2122 Filr allows Authentication Bypass.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Filr: through 25.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in OpenText\u2122 Filr allows Authentication Bypass.\u00a0The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs.\n\nThis issue affects Filr: through 25.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "IRRECOVERABLE",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T22:28:52.816Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045579?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000045579?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000045579?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045579?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control vulnerability has been discovered in OpenText\u2122 Filr.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-3266",
        "datePublished": "2026-03-03T22:28:52.816Z",
        "dateReserved": "2026-02-26T14:50:44.358Z",
        "dateUpdated": "2026-03-04T16:26:30.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9120 (GCVE-0-2025-9120)

    Vulnerability from nvd – Published: 2026-02-24 00:03 – Updated: 2026-02-24 16:35
    VLAI
    Title
    RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
    Summary
    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection.  The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Carbonite Safe Server Backup Affected: 0 , ≤ 6.8.3 (custom)
    Create a notification for this product.
    Credits
    Harrison Neal
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:34:47.026099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:35:24.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Carbonite Safe Server Backup",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "6.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harrison Neal"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Carbonite Safe Server Backup: through 6.8.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u00a0\n\nThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\n\nThis issue affects Carbonite Safe Server Backup: through 6.8.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T00:03:08.646Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\"\u003ehttps://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE vulnerability has been discovered in OpenText\u2122 Carbonite Safe Server Backup.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-9120",
        "datePublished": "2026-02-24T00:03:08.646Z",
        "dateReserved": "2025-08-18T18:06:33.953Z",
        "dateUpdated": "2026-02-24T16:35:24.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1658 (GCVE-0-2026-1658)

    Vulnerability from nvd – Published: 2026-02-19 22:40 – Updated: 2026-03-02 15:56
    VLAI
    Title
    Content spoofing vulnerability discovered in OpenText™ Directory Services
    Summary
    User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Directory Services Affected: 20.4.1 , ≤ 25.2 (custom)
    Create a notification for this product.
    Credits
    Andrej Šimko of Accenture
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:56:36.298446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:56:48.806Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Directory Services",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "25.2",
                  "status": "affected",
                  "version": "20.4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrej \u0160imko of Accenture"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: from 20.4.1 through 25.2.\u003c/p\u003e"
                }
              ],
              "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-141",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-141 Cache Poisoning"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "CLEAR",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:40:33.406Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-1658",
        "datePublished": "2026-02-19T22:40:33.406Z",
        "dateReserved": "2026-01-29T20:02:02.908Z",
        "dateUpdated": "2026-03-02T15:56:48.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9208 (GCVE-0-2025-9208)

    Vulnerability from nvd – Published: 2026-02-19 22:37 – Updated: 2026-02-24 14:34
    VLAI
    Title
    Stored-XSS vulnerability discovered in OpenText WSM Management Server.
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.x
    Affected: 16.8
    Affected: 16.8.1
    Create a notification for this product.
    Credits
    Murat Altindis
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:18:37.430755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:18:43.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:34:34.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-9208/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.x"
                },
                {
                  "status": "affected",
                  "version": "16.8"
                },
                {
                  "status": "affected",
                  "version": "16.8.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Murat Altindis"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.\n\nThis issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:37:19.208Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854844"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854844\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854844\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854844"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stored-XSS vulnerability discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-9208",
        "datePublished": "2026-02-19T22:37:19.208Z",
        "dateReserved": "2025-08-19T18:53:11.073Z",
        "dateUpdated": "2026-02-24T14:34:34.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8055 (GCVE-0-2025-8055)

    Vulnerability from nvd – Published: 2026-02-19 22:21 – Updated: 2026-02-23 18:12
    VLAI
    Title
    SSRF vulnerability have been discovered in OpenText™ XM Fax
    Summary
    Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ XM Fax Affected: 24.2
    Create a notification for this product.
    Credits
    Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:11:09.453344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:12:27.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XM Fax",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow an attacker to\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eperform blind SSRF to other systems accessible from the XM Fax server.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects XM Fax: 24.2.\u003c/p\u003e"
                }
              ],
              "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:21:06.831Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSRF vulnerability have been discovered in OpenText\u2122 XM Fax",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-8055",
        "datePublished": "2026-02-19T22:21:06.831Z",
        "dateReserved": "2025-07-22T13:07:46.734Z",
        "dateUpdated": "2026-02-23T18:12:27.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8054 (GCVE-0-2025-8054)

    Vulnerability from nvd – Published: 2026-02-19 22:21 – Updated: 2026-02-23 18:14
    VLAI
    Title
    Path Traversal vulnerability have been discovered in OpenText™ XM Fax.
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.  The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ XM Fax Affected: 24.2
    Create a notification for this product.
    Credits
    Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:13:15.750473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:14:02.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XM Fax",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText\u2122 XM Fax allows Path Traversal.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem.\u0026nbsp;\u003c/span\u003e\u003cp\u003eThis issue affects XM Fax: 24.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText\u2122 XM Fax allows Path Traversal.\u00a0\n\nThe vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem.\u00a0This issue affects XM Fax: 24.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:21:22.483Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Path Traversal vulnerability have been discovered in OpenText\u2122 XM Fax.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-8054",
        "datePublished": "2026-02-19T22:21:22.483Z",
        "dateReserved": "2025-07-22T13:07:37.061Z",
        "dateUpdated": "2026-02-23T18:14:02.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13672 (GCVE-0-2025-13672)

    Vulnerability from nvd – Published: 2026-02-19 22:36 – Updated: 2026-02-24 14:42
    VLAI
    Title
    Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.0
    Affected: 16.7.1
    Create a notification for this product.
    Credits
    Mario Tesoro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:14:57.003270Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:15:35.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:42:46.727Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.0"
                },
                {
                  "status": "affected",
                  "version": "16.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Reflected XSS. The vulnerability could allow\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einjecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.0, 16.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Reflected XSS. The vulnerability could allow\u00a0injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.\n\nThis issue affects Web Site Management Server: 16.7.0, 16.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:36:33.467Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854847"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854847\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854847\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-13672",
        "datePublished": "2026-02-19T22:36:33.467Z",
        "dateReserved": "2025-11-25T17:03:44.542Z",
        "dateUpdated": "2026-02-24T14:42:46.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13671 (GCVE-0-2025-13671)

    Vulnerability from nvd – Published: 2026-02-19 22:36 – Updated: 2026-02-24 14:39
    VLAI
    Title
    Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.0
    Affected: 16.7.1
    Create a notification for this product.
    Credits
    Mario Tesoro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13671",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:16:51.402681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:17:02.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:39:58.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13671/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.0"
                },
                {
                  "status": "affected",
                  "version": "16.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web Site Management Server allows Cross Site Request Forgery. The vulnerability could\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emake a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.0, 16.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web Site Management Server allows Cross Site Request Forgery. The vulnerability could\u00a0make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.\n\nThis issue affects Web Site Management Server: 16.7.0, 16.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:36:49.083Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854846"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854846\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854846\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854846"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-13671",
        "datePublished": "2026-02-19T22:36:49.083Z",
        "dateReserved": "2025-11-25T17:03:33.972Z",
        "dateUpdated": "2026-02-24T14:39:58.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15579 (GCVE-0-2025-15579)

    Vulnerability from nvd – Published: 2026-02-18 14:57 – Updated: 2026-02-27 21:46
    VLAI
    Title
    An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
    Summary
    Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.  The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Directory Services Affected: 0 , < 24.4.16 (custom)
    Affected: 25.1 , < 25.1.9 (custom)
    Affected: 25.2 , < 25.2.9 (custom)
    Affected: 25.3 , < 25.3.8 (custom)
    Affected: 25.4 , < 25.4.5 (custom)
    Affected: 26.1 , < 26.1.2 (custom)
    Create a notification for this product.
    Credits
    Dylan Pindur - Assetnote Adam Kues - Assetnote Tomais Williamson - Assetnote
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T18:19:55.256380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T18:20:06.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Directory Services",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThan": "24.4.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.1.9",
                  "status": "affected",
                  "version": "25.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2.9",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.3.8",
                  "status": "affected",
                  "version": "25.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4.5",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.1.2",
                  "status": "affected",
                  "version": "26.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dylan Pindur - Assetnote"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Kues - Assetnote"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Tomais Williamson - Assetnote"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability could lead to remote code execution, denial of service, or privilege escalation.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection.\u00a0\n\nThe vulnerability could lead to remote code execution, denial of service, or privilege escalation.\n\nThis issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T21:46:44.623Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-15579",
        "datePublished": "2026-02-18T14:57:04.010Z",
        "dateReserved": "2026-02-17T15:58:22.563Z",
        "dateUpdated": "2026-02-27T21:46:44.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9432 (GCVE-0-2024-9432)

    Vulnerability from nvd – Published: 2026-01-30 18:31 – Updated: 2026-01-30 19:29
    VLAI
    Title
    Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data.   The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 23.x (custom)
    Affected: 24.x
    Affected: 25.x
    Create a notification for this product.
    Credits
    Davide Brian Di Campi, TIM Security Red Team Research Massimiliano Brolli, TIM Security Red Team Research
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T19:29:45.564285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T19:29:53.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.x",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "24.x"
                },
                {
                  "status": "affected",
                  "version": "25.x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Davide Brian Di Campi, TIM Security Red Team Research"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Massimiliano Brolli, TIM Security Red Team Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information vulnerability in OpenText\u2122 Vertica allows Retrieve Embedded Sensitive Data.\u0026nbsp;\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could read Vertica agent plaintext apikey.\u003c/span\u003e\u003cp\u003eThis issue affects Vertica versions: 23.X, 24.X, 25.X.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Storage of Sensitive Information vulnerability in OpenText\u2122 Vertica allows Retrieve Embedded Sensitive Data.\u00a0\u00a0\n\nThe vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-30T18:31:31.448Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000044937?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000044937?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000044937?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000044937?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2024-9432",
        "datePublished": "2026-01-30T18:31:31.448Z",
        "dateReserved": "2024-10-02T15:18:41.223Z",
        "dateUpdated": "2026-01-30T19:29:53.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11884 (GCVE-0-2025-11884)

    Vulnerability from nvd – Published: 2025-11-19 21:13 – Updated: 2025-11-20 14:35
    VLAI
    Title
    Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ uCMDB Affected: 24.4
    Create a notification for this product.
    Credits
    Mateusz "MaTTallica" Klement
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T14:35:18.595822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T14:35:24.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "uCMDB",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mateusz \"MaTTallica\" Klement"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow\u0026nbsp;an\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker has high level access to UCMDB to create or update data with malicious scripts\u003c/span\u003e\n\n\u003cp\u003eThis issue affects uCMDB: 24.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow\u00a0an\u00a0attacker has high level access to UCMDB to create or update data with malicious scripts\n\nThis issue affects uCMDB: 24.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T21:13:48.572Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000043674?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000043674?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000043674?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000043674?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting vulnerability discovered in OpenText\u2122 Universal Discovery and CMDB",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-11884",
        "datePublished": "2025-11-19T21:13:48.572Z",
        "dateReserved": "2025-10-16T17:50:24.435Z",
        "dateUpdated": "2025-11-20T14:35:24.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3278 (GCVE-0-2026-3278)

    Vulnerability from cvelistv5 – Published: 2026-03-18 13:49 – Updated: 2026-03-18 14:12
    VLAI
    Title
    XSS Vulnerability discovered in OpenText™ ZENworks Service Desk.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ ZENworks Service Desk Affected: 25.2
    Affected: 25.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T14:10:10.301019Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:12:07.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ZENworks Service Desk",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "25.2"
                },
                {
                  "status": "affected",
                  "version": "25.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 ZENworks Service Desk allows Cross-Site Scripting (XSS).\u0026nbsp;The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.\u003cp\u003eThis issue affects ZENworks Service Desk: 25.2, 25.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 ZENworks Service Desk allows Cross-Site Scripting (XSS).\u00a0The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T13:49:28.815Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045873?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "XSS Vulnerability discovered in OpenText\u2122 ZENworks Service Desk.",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-3278",
        "datePublished": "2026-03-18T13:49:28.815Z",
        "dateReserved": "2026-02-26T15:39:16.290Z",
        "dateUpdated": "2026-03-18T14:12:07.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12453 (GCVE-0-2025-12453)

    Vulnerability from cvelistv5 – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:34
    VLAI
    Title
    Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Affected: 23.0 , ≤ 23.x (custom)
    Affected: 24.0 , ≤ 24.x (custom)
    Affected: 25.1.0 , ≤ 25.1.x (custom)
    Affected: 25.2.0 , ≤ 25.2.x (custom)
    Affected: 25.3.0 , ≤ 25.3.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12453",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:34:12.635859Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:34:21.690Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.x",
                  "status": "affected",
                  "version": "23.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.x",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.1.x",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.2.x",
                  "status": "affected",
                  "version": "25.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.3.x",
                  "status": "affected",
                  "version": "25.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u0026nbsp;\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u00a0\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:53.495Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045852?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12453",
        "datePublished": "2026-03-13T18:30:53.495Z",
        "dateReserved": "2025-10-28T21:28:28.343Z",
        "dateUpdated": "2026-03-13T19:34:21.690Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12454 (GCVE-0-2025-12454)

    Vulnerability from cvelistv5 – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:33
    VLAI
    Title
    Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Affected: 23.0 , ≤ 23.x (custom)
    Affected: 24.0 , ≤ 24.x (custom)
    Affected: 25.1.0 , ≤ 25.1.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12454",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:33:51.059348Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:33:59.150Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "23.x",
                  "status": "affected",
                  "version": "23.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.x",
                  "status": "affected",
                  "version": "24.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "25.1.x",
                  "status": "affected",
                  "version": "25.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u0026nbsp;\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText\u2122 Vertica allows Reflected XSS.\u00a0\nThe vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:40.822Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045853?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper neutralization of input during web page generation vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12454",
        "datePublished": "2026-03-13T18:30:40.822Z",
        "dateReserved": "2025-10-28T21:28:35.834Z",
        "dateUpdated": "2026-03-13T19:33:59.150Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12455 (GCVE-0-2025-12455)

    Vulnerability from cvelistv5 – Published: 2026-03-13 18:30 – Updated: 2026-03-13 19:33
    VLAI
    Title
    Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing.   The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable response discrepancy
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 10.0 , ≤ 10.x (custom)
    Affected: 11.0 , ≤ 11.x (custom)
    Affected: 12.0 , ≤ 12.x (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12455",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-13T19:33:33.057816Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-13T19:33:40.096Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "10.x",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.x",
                  "status": "affected",
                  "version": "11.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.x",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u0026nbsp;\u0026nbsp;\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.\u003cp\u003eThis issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.\u003c/p\u003e"
                }
              ],
              "value": "Observable response discrepancy vulnerability in OpenText\u2122 Vertica allows Password Brute Forcing.\u00a0\u00a0\nThe vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-49",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-49 Password Brute Forcing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:Y/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable response discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-13T18:30:27.903Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045854?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-12455",
        "datePublished": "2026-03-13T18:30:27.903Z",
        "dateReserved": "2025-10-28T21:28:44.651Z",
        "dateUpdated": "2026-03-13T19:33:40.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3266 (GCVE-0-2026-3266)

    Vulnerability from cvelistv5 – Published: 2026-03-03 22:28 – Updated: 2026-03-04 16:26
    VLAI
    Title
    Improper access control vulnerability has been discovered in OpenText™ Filr.
    Summary
    Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Filr Affected: 0 , ≤ 25.1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T16:26:21.725679Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-04T16:26:30.989Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Filr",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "25.1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in OpenText\u2122 Filr allows Authentication Bypass.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Filr: through 25.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in OpenText\u2122 Filr allows Authentication Bypass.\u00a0The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs.\n\nThis issue affects Filr: through 25.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "IRRECOVERABLE",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/R:I/V:D/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-03T22:28:52.816Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000045579?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000045579?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000045579?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000045579?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control vulnerability has been discovered in OpenText\u2122 Filr.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-3266",
        "datePublished": "2026-03-03T22:28:52.816Z",
        "dateReserved": "2026-02-26T14:50:44.358Z",
        "dateUpdated": "2026-03-04T16:26:30.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9120 (GCVE-0-2025-9120)

    Vulnerability from cvelistv5 – Published: 2026-02-24 00:03 – Updated: 2026-02-24 16:35
    VLAI
    Title
    RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.
    Summary
    Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection.  The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Carbonite Safe Server Backup Affected: 0 , ≤ 6.8.3 (custom)
    Create a notification for this product.
    Credits
    Harrison Neal
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9120",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-24T16:34:47.026099Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-24T16:35:24.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Carbonite Safe Server Backup",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "6.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harrison Neal"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(254, 254, 254);\"\u003eThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Carbonite Safe Server Backup: through 6.8.3.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Carbonite Safe Server Backup allows Code Injection.\u00a0\n\nThe vulnerability could be exploited through an open port, potentially allowing unauthorized access.\n\nThis issue affects Carbonite Safe Server Backup: through 6.8.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-24T00:03:08.646Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\"\u003ehttps://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.carbonite.com/articles/Security-Bulletin-for-Carbonite-Safe-Server-Backup-09-12-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "RCE vulnerability has been discovered in OpenText\u2122 Carbonite Safe Server Backup.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-9120",
        "datePublished": "2026-02-24T00:03:08.646Z",
        "dateReserved": "2025-08-18T18:06:33.953Z",
        "dateUpdated": "2026-02-24T16:35:24.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1658 (GCVE-0-2026-1658)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:40 – Updated: 2026-03-02 15:56
    VLAI
    Title
    Content spoofing vulnerability discovered in OpenText™ Directory Services
    Summary
    User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Directory Services Affected: 20.4.1 , ≤ 25.2 (custom)
    Create a notification for this product.
    Credits
    Andrej Šimko of Accenture
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1658",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-02T15:56:36.298446Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-02T15:56:48.806Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Directory Services",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThanOrEqual": "25.2",
                  "status": "affected",
                  "version": "20.4.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrej \u0160imko of Accenture"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: from 20.4.1 through 25.2.\u003c/p\u003e"
                }
              ],
              "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-141",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-141 Cache Poisoning"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "CLEAR",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:40:33.406Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-1658",
        "datePublished": "2026-02-19T22:40:33.406Z",
        "dateReserved": "2026-01-29T20:02:02.908Z",
        "dateUpdated": "2026-03-02T15:56:48.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9208 (GCVE-0-2025-9208)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:37 – Updated: 2026-02-24 14:34
    VLAI
    Title
    Stored-XSS vulnerability discovered in OpenText WSM Management Server.
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.x
    Affected: 16.8
    Affected: 16.8.1
    Create a notification for this product.
    Credits
    Murat Altindis
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9208",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:18:37.430755Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:18:43.604Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:34:34.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-9208/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.x"
                },
                {
                  "status": "affected",
                  "version": "16.8"
                },
                {
                  "status": "affected",
                  "version": "16.8.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Murat Altindis"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data.\n\nThis issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:37:19.208Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854844"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854844\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854844\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854844"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stored-XSS vulnerability discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-9208",
        "datePublished": "2026-02-19T22:37:19.208Z",
        "dateReserved": "2025-08-19T18:53:11.073Z",
        "dateUpdated": "2026-02-24T14:34:34.043Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13671 (GCVE-0-2025-13671)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:36 – Updated: 2026-02-24 14:39
    VLAI
    Title
    Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.0
    Affected: 16.7.1
    Create a notification for this product.
    Credits
    Mario Tesoro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13671",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:16:51.402681Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:17:02.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:39:58.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13671/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.0"
                },
                {
                  "status": "affected",
                  "version": "16.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web Site Management Server allows Cross Site Request Forgery. The vulnerability could\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emake a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.0, 16.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in OpenText\u2122 Web Site Management Server allows Cross Site Request Forgery. The vulnerability could\u00a0make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously.\n\nThis issue affects Web Site Management Server: 16.7.0, 16.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:N/SC:L/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:36:49.083Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854846"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854846\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854846\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854846"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross Site request forgery vulnerability discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-13671",
        "datePublished": "2026-02-19T22:36:49.083Z",
        "dateReserved": "2025-11-25T17:03:33.972Z",
        "dateUpdated": "2026-02-24T14:39:58.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13672 (GCVE-0-2025-13672)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:36 – Updated: 2026-02-24 14:42
    VLAI
    Title
    Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Web Site Management Server Affected: 16.7.0
    Affected: 16.7.1
    Create a notification for this product.
    Credits
    Mario Tesoro
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13672",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:14:57.003270Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:15:35.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-02-24T14:42:46.727Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://github.com/MarioTesoro/vulnerability-research/blob/main/CVE-2025-13672/README.md"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Web Site Management Server",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "16.7.0"
                },
                {
                  "status": "affected",
                  "version": "16.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mario Tesoro"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Reflected XSS. The vulnerability could allow\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003einjecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Web Site Management Server: 16.7.0, 16.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in OpenText\u2122 Web Site Management Server allows Reflected XSS. The vulnerability could allow\u00a0injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side.\n\nThis issue affects Web Site Management Server: 16.7.0, 16.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/S:P/AU:N/R:U/V:D/RE:H/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "HIGH"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:36:33.467Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854847"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854847\"\u003ehttps://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0854847\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm/en?id=ot_kb_unauthenticated\u0026sysparm_article=KB0854847"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-13672",
        "datePublished": "2026-02-19T22:36:33.467Z",
        "dateReserved": "2025-11-25T17:03:44.542Z",
        "dateUpdated": "2026-02-24T14:42:46.727Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8054 (GCVE-0-2025-8054)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:21 – Updated: 2026-02-23 18:14
    VLAI
    Title
    Path Traversal vulnerability have been discovered in OpenText™ XM Fax.
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.  The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ XM Fax Affected: 24.2
    Create a notification for this product.
    Credits
    Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:13:15.750473Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:14:02.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XM Fax",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText\u2122 XM Fax allows Path Traversal.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem.\u0026nbsp;\u003c/span\u003e\u003cp\u003eThis issue affects XM Fax: 24.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in OpenText\u2122 XM Fax allows Path Traversal.\u00a0\n\nThe vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem.\u00a0This issue affects XM Fax: 24.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:21:22.483Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Path Traversal vulnerability have been discovered in OpenText\u2122 XM Fax.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-8054",
        "datePublished": "2026-02-19T22:21:22.483Z",
        "dateReserved": "2025-07-22T13:07:37.061Z",
        "dateUpdated": "2026-02-23T18:14:02.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8055 (GCVE-0-2025-8055)

    Vulnerability from cvelistv5 – Published: 2026-02-19 22:21 – Updated: 2026-02-23 18:12
    VLAI
    Title
    SSRF vulnerability have been discovered in OpenText™ XM Fax
    Summary
    Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ XM Fax Affected: 24.2
    Create a notification for this product.
    Credits
    Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8055",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-23T18:11:09.453344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-23T18:12:27.145Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XM Fax",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Inetum Hacking team, leaded in this research by \u00c1ngel M Sequeira and with the help of @cr33pb0y"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow an attacker to\u003c/span\u003e\n\n\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eperform blind SSRF to other systems accessible from the XM Fax server.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects XM Fax: 24.2.\u003c/p\u003e"
                }
              ],
              "value": "Server-Side Request Forgery (SSRF) vulnerability in OpenText\u2122 XM Fax allows Server Side Request Forgery.\u00a0\n\nThe vulnerability could allow an attacker to\n\n\n\nperform blind SSRF to other systems accessible from the XM Fax server.\n\nThis issue affects XM Fax: 24.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T22:21:06.831Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0847038\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSRF vulnerability have been discovered in OpenText\u2122 XM Fax",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-8055",
        "datePublished": "2026-02-19T22:21:06.831Z",
        "dateReserved": "2025-07-22T13:07:46.734Z",
        "dateUpdated": "2026-02-23T18:12:27.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-15579 (GCVE-0-2025-15579)

    Vulnerability from cvelistv5 – Published: 2026-02-18 14:57 – Updated: 2026-02-27 21:46
    VLAI
    Title
    An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
    Summary
    Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection.  The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Directory Services Affected: 0 , < 24.4.16 (custom)
    Affected: 25.1 , < 25.1.9 (custom)
    Affected: 25.2 , < 25.2.9 (custom)
    Affected: 25.3 , < 25.3.8 (custom)
    Affected: 25.4 , < 25.4.5 (custom)
    Affected: 26.1 , < 26.1.2 (custom)
    Create a notification for this product.
    Credits
    Dylan Pindur - Assetnote Adam Kues - Assetnote Tomais Williamson - Assetnote
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-18T18:19:55.256380Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-18T18:20:06.518Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Directory Services",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "lessThan": "24.4.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.1.9",
                  "status": "affected",
                  "version": "25.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.2.9",
                  "status": "affected",
                  "version": "25.2",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.3.8",
                  "status": "affected",
                  "version": "25.3",
                  "versionType": "custom"
                },
                {
                  "lessThan": "25.4.5",
                  "status": "affected",
                  "version": "25.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26.1.2",
                  "status": "affected",
                  "version": "26.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dylan Pindur - Assetnote"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Adam Kues - Assetnote"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Tomais Williamson - Assetnote"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability could lead to remote code execution, denial of service, or privilege escalation.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection.\u00a0\n\nThe vulnerability could lead to remote code execution, denial of service, or privilege escalation.\n\nThis issue affects Directory Services: before 24.4.16, from 25.1 before 25.1.9, from 25.2 before 25.2.9, from 25.3 before 25.3.8, from 25.4 before 25.4.5, from 26.1 before 26.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-586",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-586 Object Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T21:46:44.623Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-15579",
        "datePublished": "2026-02-18T14:57:04.010Z",
        "dateReserved": "2026-02-17T15:58:22.563Z",
        "dateUpdated": "2026-02-27T21:46:44.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-9432 (GCVE-0-2024-9432)

    Vulnerability from cvelistv5 – Published: 2026-01-30 18:31 – Updated: 2026-01-30 19:29
    VLAI
    Title
    Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.
    Summary
    Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data.   The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ Vertica Affected: 23.x (custom)
    Affected: 24.x
    Affected: 25.x
    Create a notification for this product.
    Credits
    Davide Brian Di Campi, TIM Security Red Team Research Massimiliano Brolli, TIM Security Red Team Research
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9432",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-30T19:29:45.564285Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-30T19:29:53.064Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Vertica",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "23.x",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "24.x"
                },
                {
                  "status": "affected",
                  "version": "25.x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Davide Brian Di Campi, TIM Security Red Team Research"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Massimiliano Brolli, TIM Security Red Team Research"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Storage of Sensitive Information vulnerability in OpenText\u2122 Vertica allows Retrieve Embedded Sensitive Data.\u0026nbsp;\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could read Vertica agent plaintext apikey.\u003c/span\u003e\u003cp\u003eThis issue affects Vertica versions: 23.X, 24.X, 25.X.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Storage of Sensitive Information vulnerability in OpenText\u2122 Vertica allows Retrieve Embedded Sensitive Data.\u00a0\u00a0\n\nThe vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-37",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H/AU:Y/R:U/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312 Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-30T18:31:31.448Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000044937?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000044937?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000044937?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000044937?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText\u2122 Vertica.",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2024-9432",
        "datePublished": "2026-01-30T18:31:31.448Z",
        "dateReserved": "2024-10-02T15:18:41.223Z",
        "dateUpdated": "2026-01-30T19:29:53.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11884 (GCVE-0-2025-11884)

    Vulnerability from cvelistv5 – Published: 2025-11-19 21:13 – Updated: 2025-11-20 14:35
    VLAI
    Title
    Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText™ uCMDB Affected: 24.4
    Create a notification for this product.
    Credits
    Mateusz "MaTTallica" Klement
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11884",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-20T14:35:18.595822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-20T14:35:24.781Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "uCMDB",
              "vendor": "OpenText\u2122",
              "versions": [
                {
                  "status": "affected",
                  "version": "24.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mateusz \"MaTTallica\" Klement"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow\u0026nbsp;an\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker has high level access to UCMDB to create or update data with malicious scripts\u003c/span\u003e\n\n\u003cp\u003eThis issue affects uCMDB: 24.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow\u00a0an\u00a0attacker has high level access to UCMDB to create or update data with malicious scripts\n\nThis issue affects uCMDB: 24.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "NEGLIGIBLE",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "GREEN",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-19T21:13:48.572Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000043674?language=en_US"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://portal.microfocus.com/s/article/KM000043674?language=en_US\"\u003ehttps://portal.microfocus.com/s/article/KM000043674?language=en_US\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "https://portal.microfocus.com/s/article/KM000043674?language=en_US"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-site Scripting vulnerability discovered in OpenText\u2122 Universal Discovery and CMDB",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2025-11884",
        "datePublished": "2025-11-19T21:13:48.572Z",
        "dateReserved": "2025-10-16T17:50:24.435Z",
        "dateUpdated": "2025-11-20T14:35:24.781Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }