CVE-2021-38133— Possible Improper authentication Vulnerability in OpenText eDirectory
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-38133
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possible Improper authentication Vulnerability in OpenText eDirectory
Source: NVD (National Vulnerability Database)
Vulnerability Description
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
弱口令要求
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenText eDirectory 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenText eDirectory是加拿大OpenText公司的一套结合了身份管理架构和目录服务技术的身份管理基础平台。该平台提供认证策略、数据备份和恢复服务、数据容灾等功能。 OpenText eDirectory 9.2.6.0000 版本之前存在安全漏洞,该漏洞源于包含一个外部服务交互攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenText | eDirectory | 9.2.0 ~ 9.2.5.0000 | - |
II. Public POCs for CVE-2021-38133
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-38133
请登录查看更多情报信息。
Same Patch Batch · OpenText · 2024-09-12 · 8 CVEs total
| CVE-2021-22532 | 7.6 HIGH | Possible NLDAP Denial of Service attack Vulnerability |
| CVE-2021-22533 | 6.5 MEDIUM | Possible Insertion of Sensitive Information into Log File Vulnerability |
| CVE-2021-22518 | 5.8 MEDIUM | Sensitive Information logging in NetIQ Identity Manager Driver |
| CVE-2021-22503 | 5.4 MEDIUM | Improper Neutralization of Input During Web Page Generation Vulnerability |
| CVE-2021-38131 | 5.4 MEDIUM | Cross-Site Scripting (XSS) Vulnerability |
| CVE-2021-38132 | 5.3 MEDIUM | Possible External service interaction Vulnerability |
| CVE-2022-26322 | 4.9 MEDIUM | Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manage |
IV. Related Vulnerabilities
Same product: eDirectory
- CVE-2019-25675
eDirectory All Versions SQL Injection Authentication Bypass - CVE-2021-22503
Improper Neutralization of Input During Web Page Generation - CVE-2021-22532
Possible NLDAP Denial of Service attack Vulnerability - CVE-2021-22533
Possible Insertion of Sensitive Information into Log File Vu - CVE-2021-38131
Cross-Site Scripting (XSS) Vulnerability
Same vendor: OpenText
- CVE-2026-2123
Privilege escalation vulnerability in Operations Agent - CVE-2024-11604
Insertion of Sensitive Information into Log File - CVE-2025-13478
Cache Misconfiguration Leading to Cross-User Data Exposure - CVE-2025-8050
External Control of File vulnerability has been discovered i - CVE-2025-8052
HQL Injection vulnerability has been discovered in Opentext
Same weakness: CWE-521
- CVE-2026-41038
Weak Password Policy Vulnerability in Quantum Networks Route - CVE-2026-6284
Horner Automation Cscape and XL4, XL7 PLC Weak password requ - CVE-2026-33771
CTP OS: Configuring password requirements does not work whic - CVE-2026-34203
Nautobot: Management of users via REST API does not apply co - CVE-2025-55269
HCL Aftermarket DPC is affected by Weak Password Policy vuln
V. Comments for CVE-2021-38133
No comments yet