彙總 OpenText 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 記憶體損壞、跨站腳本、緩衝區溢位與輸入驗證問題,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持、異常行為與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-3278 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ ZENworks Service Desk allows Cross-Site Scripting (XSS). The vulnerability could allow an attacker to execute arbitrary JavaScript leading to unauthorized actions on behalf of the user.This issue affects ZENworks Service Desk: 25.2, 25.3. | [email protected] | 7.4 | 0.14% | 2026-03-18 | 2026-06-17 |
| CVE-2025-12455 | Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X. | [email protected] | 5.1 | 0.30% | 2026-03-13 | 2026-06-17 |
| CVE-2025-12454 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X. | [email protected] | 5.1 | 0.18% | 2026-03-13 | 2026-06-17 |
| CVE-2025-12453 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application.This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X, from 25.1.0 through 25.1.X, from 25.2.0 through 25.2.X, from 25.3.0 through 25.3.X. | [email protected] | 5.1 | 0.18% | 2026-03-13 | 2026-06-17 |
| CVE-2026-3266 | Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2. | [email protected] | 8.3 | 0.34% | 2026-03-03 | 2026-06-17 |
| CVE-2026-1658 | User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2. | [email protected] | 5.3 | 0.24% | 2026-02-19 | 2026-06-17 |
| CVE-2025-9208 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL, allowing attackers to compromise user sessions and data. This issue affects Web Site Management Server: 16.7.X, 16.8, 16.8.1. | [email protected] | 7.5 | 0.20% | 2026-02-19 | 2026-06-17 |
| CVE-2025-8055 | Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2. | [email protected] | 5.3 | 0.16% | 2026-02-19 | 2026-06-17 |
| CVE-2025-8054 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2. | [email protected] | 7.1 | 0.31% | 2026-02-19 | 2026-06-17 |
| CVE-2025-13672 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the page, so that malicious scripts could be executed on the client side. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | [email protected] | 7.0 | 0.20% | 2026-02-19 | 2026-06-17 |
| CVE-2025-13671 | Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This issue affects Web Site Management Server: 16.7.0, 16.7.1. | [email protected] | 5.9 | 0.15% | 2026-02-19 | 2026-06-17 |
| CVE-2025-8050 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.26% | 2025-10-21 | 2026-06-17 |
| CVE-2025-8053 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2. | [email protected] | 1.0 | 0.25% | 2025-10-20 | 2026-06-17 |
| CVE-2025-8052 | SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2. | [email protected] | 1.0 | 0.30% | 2025-10-20 | 2026-06-17 |
| CVE-2025-8051 | Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.36% | 2025-10-20 | 2026-06-17 |
| CVE-2025-8049 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2. | [email protected] | 2.3 | 0.25% | 2025-10-20 | 2026-06-17 |
| CVE-2025-8048 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2. | [email protected] | 5.3 | 0.26% | 2025-10-20 | 2026-06-17 |
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.31% | 2024-10-02 | 2026-06-17 |
| CVE-2021-22518 | A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0 | [email protected] | 5.8 | 0.14% | 2024-09-12 | 2026-06-16 |
| CVE-2023-7260 | Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | [email protected] | 6.9 | 0.52% | 2024-08-22 | 2026-06-17 |