Critical Vulnerabilities Patched In OpenText Enterprise Content Management System

On April 30, OpenText released a security alert regarding nine critical vulnerabilities found in its Enterprise Content Management System (ECM). OpenText is a software vendor based in Waterloo, Canada, providing enterprise solutions for content, search, collaboration and document management. The vulnerabilities found in the Enterprise Content Management System have the potential to cause system malfunction and expose sensitive information of OpenText customers.

The nine critical vulnerabilities can be categorized into four main issues: open text risk, cross-origin request forgery, unrestricted file upload, and security misconfiguration. All nine vulnerabilities have been assigned a CVSS base score of 9.8, the highest severity rating, meaning that attacks exploiting these security flaws can have a devastating impact. This is why OpenText has urged all customers running OpenText ECM to apply the patches as soon as possible.

The security patches include solutions to prevent unauthorized access to sensitive data by blocking cross-origin request forgery, an attack technique commonly used by hackers to take control of web applications. OpenText has also provided measures for preventing unrestricted file upload, which could allow malicious actors to upload malicious files to the system. Furthermore, the security patches are intended to mitigate security misconfiguration, which can occur due to a lack of awareness or a failure to correctly configure system settings.

In addition to the security patches, OpenText has also released an advisory containing best practices for content security measures that organizations should be implementing. These practices include regularly updating systems, patching security vulnerabilities as soon as they are discovered, and hardening the security of networks to prevent malicious exploitation.

OpenText is committed to providing the highest levels of security for its customers. As such, when critical vulnerabilities are discovered, they are patched quickly and effectively to ensure that the data of OpenText customers remains safe.

This Cyber News was published on www.securityweek.com. Publication date: Tue, 24 Jan 2023 03:31:02 +0000

