OpenText™ — Vulnerabilities & Security Advisories 43

Browse all 43 CVE security advisories affecting OpenText™. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenText™ operates as a global leader in enterprise information management, providing software solutions for content lifecycle management, digital experience, and cybersecurity. Its extensive portfolio, including Content Server and Webi, has historically been a frequent target for attackers due to its complex architecture and widespread deployment in critical infrastructure. The recorded 43 Common Vulnerabilities and Exposures (CVEs) predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and insecure default configurations. Notable incidents include severe remote code execution vulnerabilities that allowed unauthenticated attackers to gain full system control, highlighting risks associated with legacy components. These findings underscore the necessity for rigorous patch management and secure configuration practices within OpenText™ environments to mitigate the persistent threat landscape facing enterprise information management platforms.

CVEs 43

CVE ID	Title	CVSS	Severity	Published
CVE-2026-3278	XSS Vulnerability discovered in OpenText™ ZENworks Service Desk. — ZENworks Service DeskCWE-79	6.1	-	2026-03-18
CVE-2025-12453	Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica. — VerticaCWE-79	6.1	-	2026-03-13
CVE-2025-12454	Improper neutralization of input during web page generation vulnerability has been discovered in OpenText™ Vertica. — VerticaCWE-79	6.1	-	2026-03-13
CVE-2025-12455	Username Enumeration Observable Response Discrepancy vulnerability has been discovered in OpenText™ Vertica. — VerticaCWE-204	9.8	-	2026-03-13
CVE-2026-3266	Improper access control vulnerability has been discovered in OpenText™ Filr. — FilrCWE-862	9.1^AI	Critical^AI	2026-03-03
CVE-2025-9120	RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup. — Carbonite Safe Server BackupCWE-94	9.8^AI	Critical^AI	2026-02-24
CVE-2026-1658	Content spoofing vulnerability discovered in OpenText™ Directory Services — Directory ServicesCWE-451	4.3^AI	Medium^AI	2026-02-19
CVE-2025-9208	Stored-XSS vulnerability discovered in OpenText WSM Management Server. — Web Site Management ServerCWE-79	6.1^AI	Medium^AI	2026-02-19
CVE-2025-13671	Cross Site request forgery vulnerability discovered in OpenText WSM Management Server. — Web Site Management ServerCWE-352	4.3^AI	Medium^AI	2026-02-19
CVE-2025-13672	Reflected Cross-Site Scripting discovered in OpenText WSM Management Server. — Web Site Management ServerCWE-79	6.1^AI	Medium^AI	2026-02-19
CVE-2025-8054	Path Traversal vulnerability have been discovered in OpenText™ XM Fax. — XM FaxCWE-22	6.5^AI	Medium^AI	2026-02-19
CVE-2025-8055	SSRF vulnerability have been discovered in OpenText™ XM Fax — XM FaxCWE-918	9.1^AI	Critical^AI	2026-02-19
CVE-2025-15579	An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services. — Directory ServicesCWE-502	8.8^AI	High^AI	2026-02-18
CVE-2024-9432	Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica. — VerticaCWE-312	7.5^AI	High^AI	2026-01-30
CVE-2025-11884	Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB — uCMDBCWE-79	4.8^AI	Medium^AI	2025-11-19
CVE-2024-7650	Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4 — Directory ServicesCWE-94	9.8^AI	Critical^AI	2025-07-10
CVE-2025-0885	Incorrect Authorization vulnerability affects OpenText™ GroupWise — GroupWiseCWE-863	4.3^AI	Medium^AI	2025-07-03
CVE-2025-3272	Incorrect user authorization vulnerability has been identified in Open Text Operations Bridge Manager. — Operations Bridge ManagerCWE-863	6.5^AI	Medium^AI	2025-05-07
CVE-2025-3476	OpenText Operations Bridge Manager 安全漏洞 — Operations Bridge ManagerCWE-863	8.8^AI	High^AI	2025-05-07
CVE-2024-12706	SQL Injection vulnerability discovered in OpenText™ Digital Asset Management. — Digital Asset Management.CWE-89	8.8^AI	High^AI	2025-04-28
CVE-2022-26323	Incorrect Use of Privileged vulnerability has been discovered on OpenText™ UCMDB and Operation Bridge Manager product. — Operations Bridge ManagerCWE-648	8.8^AI	High^AI	2025-04-17
CVE-2025-0883	vulnerability has been discovered in OpenText™ Service Manager. — Service ManagerCWE-81	4.3	-	2025-03-12
CVE-2025-0884	Privilege Escalation vulnerability has been discovered in OpenText™ Service Manager. — Service ManagerCWE-428	7.8	-	2025-03-12
CVE-2024-8125	A remote code vulnerability has been discovered in OpenText™ Content Management. — Content Management (Extended ECM)CWE-1287	8.8	-	2025-02-04
CVE-2024-7085	Exposure of private information vulnerability has been discovered in OpenText™ Solutions Business Manager (SBM). — Solutions Business Manager (SBM)CWE-79	6.1	-	2025-01-15
CVE-2021-22501	OpenText Operations Bridge Manager 安全漏洞 — Operations Bridge ManagerCWE-611	9.1	-	2024-12-19
CVE-2019-17082	OpenText AccuRev 安全漏洞 — AccuRevCWE-522	9.8^AI	Critical^AI	2024-11-26
CVE-2024-10923	Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management. — ALM Octane ManagementCWE-79	5.4^AI	Medium^AI	2024-11-12
CVE-2024-5532	A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA). — Operations AgentCWE-79	4.8^AI	Medium^AI	2024-10-28
CVE-2023-32266	Code injection vulnerability found in OpenText Application Lifecycle Management (ALM),Quality Center. — Application Lifecycle Management (ALM),Quality CenterCWE-426	7.3^AI	High^AI	2024-10-16

This page lists every published CVE security advisory associated with OpenText™. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

OpenText™ — Vulnerabilities & Security Advisories 43