This page lists publicly disclosed CVE vulnerabilities affecting opentext exceed_ondemand (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-6994 | OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | [email protected] | 6.4 | 1.18% | 2014-05-19 | 2026-06-16 |
| CVE-2013-6807 | The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | [email protected] | 6.8 | 0.63% | 2014-05-19 | 2026-06-16 |
| CVE-2013-6806 | OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext. | [email protected] | 6.8 | 1.03% | 2014-05-19 | 2026-06-16 |
| CVE-2013-6805 | OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | [email protected] | 5.0 | 0.71% | 2014-05-19 | 2026-06-16 |