Critical Vulnerabilities Patched In OpenText Enterprise Content Management System

On April 30, OpenText released a security alert regarding nine critical vulnerabilities found in its Enterprise Content Management System (ECM). OpenText is a software vendor based in Waterloo, Canada, providing enterprise solutions for content, search, collaboration and document management. The vulnerabilities found in the Enterprise Content Management System have the potential to cause system malfunction and expose sensitive information of OpenText customers.

The nine critical vulnerabilities can be categorized into four main issues: open text risk, cross-origin request forgery, unrestricted file upload, and security misconfiguration. All nine vulnerabilities have been assigned a CVSS base score of 9.8, the highest severity rating, meaning that attacks exploiting these security flaws can have a devastating impact. This is why OpenText has urged all customers running OpenText ECM to apply the patches as soon as possible.

The security patches include solutions to prevent unauthorized access to sensitive data by blocking cross-origin request forgery, an attack technique commonly used by hackers to take control of web applications. OpenText has also provided measures for preventing unrestricted file upload, which could allow malicious actors to upload malicious files to the system. Furthermore, the security patches are intended to mitigate security misconfiguration, which can occur due to a lack of awareness or failure to correctly configure system settings.

In addition to the security patches, OpenText has also released an advisory containing best practices for content security measures that organizations should be implementing. These practices include regularly updating systems, patching security vulnerabilities as soon as they are discovered, and hardening the security of networks to prevent malicious exploitation.

OpenText is committed to providing the highest levels of security for its customers. As such, when critical vulnerabilities are discovered, they are patched quickly and effectively to ensure that the data of OpenText customers remains safe.

This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000

