Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Solutions Business Manager (SBM) allows Stored XSS.  The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1.

In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5)

Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation.  The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10.

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

: Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.

Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.

Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.

Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.

Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.