OpenText 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、vendor risk cross-site scripting、バッファオーバーフロー, and vendor risk input validation があり、vendor surface software deployment の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-3278 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3. | [email protected] | 7.4 | 0.05% | 2026-03-18 | 2026-03-19 |
| CVE-2025-12455 | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X. | [email protected] | 5.1 | 0.05% | 2026-03-13 | 2026-04-17 |
| CVE-2025-12454 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X. | [email protected] | 5.1 | 0.03% | 2026-03-13 | 2026-04-17 |
| CVE-2025-12453 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X. | [email protected] | 5.1 | 0.03% | 2026-03-13 | 2026-04-17 |
| CVE-2026-3266 | Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2. | [email protected] | 8.3 | 0.17% | 2026-03-03 | 2026-03-05 |
| CVE-2026-1658 | User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2. | [email protected] | 5.3 | 0.03% | 2026-02-19 | 2026-02-26 |
| CVE-2025-9208 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1. | [email protected] | 7.5 | 0.03% | 2026-02-19 | 2026-02-27 |
| CVE-2025-8055 | Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2. | [email protected] | 5.3 | 0.04% | 2026-02-19 | 2026-02-27 |
| CVE-2025-8054 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2. | [email protected] | 7.1 | 0.05% | 2026-02-19 | 2026-02-27 |
| CVE-2025-13672 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | [email protected] | 7.0 | 0.03% | 2026-02-19 | 2026-02-27 |
| CVE-2025-13671 | Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | [email protected] | 5.9 | 0.02% | 2026-02-19 | 2026-02-27 |
| CVE-2025-8050 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.04% | 2025-10-21 | 2025-10-28 |
| CVE-2025-8053 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2. | [email protected] | 1.0 | 0.04% | 2025-10-20 | 2025-10-28 |
| CVE-2025-8052 | SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2. | [email protected] | 1.0 | 0.03% | 2025-10-20 | 2025-10-28 |
| CVE-2025-8051 | Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.06% | 2025-10-20 | 2025-10-28 |
| CVE-2025-8049 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2. | [email protected] | 2.3 | 0.05% | 2025-10-20 | 2025-10-28 |
| CVE-2025-8048 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.04% | 2025-10-20 | 2025-10-28 |
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.07% | 2024-10-02 | 2025-11-19 |
| CVE-2021-22518 | A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | [email protected] | 5.8 | 0.04% | 2024-09-12 | 2024-10-02 |
| CVE-2023-7260 | Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | [email protected] | 6.9 | 0.26% | 2024-08-22 | 2024-10-16 |