Search criteria
6 vulnerabilities found for Directory Services by OpenText™
CVE-2026-1658 (GCVE-0-2026-1658)
Vulnerability from nvd – Published: 2026-02-19 22:40 – Updated: 2026-02-19 22:40
VLAI?
Title
Content spoofing vulnerability discovered in OpenText™ Directory Services
Summary
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.
The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.
This issue affects Directory Services: from 20.4.1 through 25.2.
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
20.4.1 , ≤ 25.2
(custom)
|
Credits
Andrej Šimko of Accenture
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "25.2",
"status": "affected",
"version": "20.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrej \u0160imko of Accenture"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: from 20.4.1 through 25.2.\u003c/p\u003e"
}
],
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T22:40:33.406Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2026-1658",
"datePublished": "2026-02-19T22:40:33.406Z",
"dateReserved": "2026-01-29T20:02:02.908Z",
"dateUpdated": "2026-02-19T22:40:33.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15579 (GCVE-0-2025-15579)
Vulnerability from nvd – Published: 2026-02-18 14:57 – Updated: 2026-02-18 18:20
VLAI?
Title
An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
Summary
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or
privilege escalation.
This issue affects Directory Services: from 10.5 through 26.1.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
10.5 , ≤ 26.1
(custom)
|
Credits
Dylan Pindur - Assetnote
Adam Kues - Assetnote
Tomais Williamson - Assetnote
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T18:19:55.256380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T18:20:06.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "26.1",
"status": "affected",
"version": "10.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dylan Pindur - Assetnote"
},
{
"lang": "en",
"type": "finder",
"value": "Adam Kues - Assetnote"
},
{
"lang": "en",
"type": "finder",
"value": "Tomais Williamson - Assetnote"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\n\u003cp\u003eThis issue affects Directory Services: from 10.5 through 26.1.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:57:04.010Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-15579",
"datePublished": "2026-02-18T14:57:04.010Z",
"dateReserved": "2026-02-17T15:58:22.563Z",
"dateUpdated": "2026-02-18T18:20:06.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7650 (GCVE-0-2024-7650)
Vulnerability from nvd – Published: 2025-07-10 10:02 – Updated: 2025-07-10 14:14
VLAI?
Title
Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The
vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
23.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T14:14:08.411383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T14:14:17.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "23.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Directory Services allows Remote Code Inclusion. The\nvulnerability could allow access to the system via script injection.\u003cp\u003eThis issue affects Directory Services: 23.4.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Directory Services allows Remote Code Inclusion. The\nvulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T10:02:58.567Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0844620"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0844620\"\u003eSupport articles, alerts \u0026amp; useful tools - Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Support articles, alerts \u0026 useful tools - Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4 https://support.opentext.com/csm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7650",
"datePublished": "2025-07-10T10:02:58.567Z",
"dateReserved": "2024-08-09T15:58:10.650Z",
"dateUpdated": "2025-07-10T14:14:17.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-1658 (GCVE-0-2026-1658)
Vulnerability from cvelistv5 – Published: 2026-02-19 22:40 – Updated: 2026-02-19 22:40
VLAI?
Title
Content spoofing vulnerability discovered in OpenText™ Directory Services
Summary
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.
The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.
This issue affects Directory Services: from 20.4.1 through 25.2.
Severity ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
20.4.1 , ≤ 25.2
(custom)
|
Credits
Andrej Šimko of Accenture
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "25.2",
"status": "affected",
"version": "20.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andrej \u0160imko of Accenture"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Directory Services: from 20.4.1 through 25.2.\u003c/p\u003e"
}
],
"value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T22:40:33.406Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0858517\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0858517"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Content spoofing vulnerability discovered in OpenText\u2122 Directory Services",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2026-1658",
"datePublished": "2026-02-19T22:40:33.406Z",
"dateReserved": "2026-01-29T20:02:02.908Z",
"dateUpdated": "2026-02-19T22:40:33.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-15579 (GCVE-0-2025-15579)
Vulnerability from cvelistv5 – Published: 2026-02-18 14:57 – Updated: 2026-02-18 18:20
VLAI?
Title
An Insecure Deserialization vulnerability has been discovered in OpenText™ Directory Services.
Summary
Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or
privilege escalation.
This issue affects Directory Services: from 10.5 through 26.1.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
10.5 , ≤ 26.1
(custom)
|
Credits
Dylan Pindur - Assetnote
Adam Kues - Assetnote
Tomais Williamson - Assetnote
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-15579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T18:19:55.256380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T18:20:06.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"lessThanOrEqual": "26.1",
"status": "affected",
"version": "10.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dylan Pindur - Assetnote"
},
{
"lang": "en",
"type": "finder",
"value": "Adam Kues - Assetnote"
},
{
"lang": "en",
"type": "finder",
"value": "Tomais Williamson - Assetnote"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\n\u003cp\u003eThis issue affects Directory Services: from 10.5 through 26.1.\u003c/p\u003e"
}
],
"value": "Deserialization of Untrusted Data vulnerability in OpenText\u2122 Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or\nprivilege escalation.\n\nThis issue affects Directory Services: from 10.5 through 26.1."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T14:57:04.010Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0859600\u0026amp;sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026amp;spa=1\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0859600\u0026sys_kb_id=f82c01214707b6144549b6bd416d43b7\u0026spa=1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An Insecure Deserialization vulnerability has been discovered in OpenText\u2122 Directory Services.",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-15579",
"datePublished": "2026-02-18T14:57:04.010Z",
"dateReserved": "2026-02-17T15:58:22.563Z",
"dateUpdated": "2026-02-18T18:20:06.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7650 (GCVE-0-2024-7650)
Vulnerability from cvelistv5 – Published: 2025-07-10 10:02 – Updated: 2025-07-10 14:14
VLAI?
Title
Remote code execution vulnerability discovered in OpenText™ Directory Services CE 23.4
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The
vulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenText™ | Directory Services |
Affected:
23.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T14:14:08.411383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T14:14:17.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Directory Services",
"vendor": "OpenText\u2122",
"versions": [
{
"status": "affected",
"version": "23.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Directory Services allows Remote Code Inclusion. The\nvulnerability could allow access to the system via script injection.\u003cp\u003eThis issue affects Directory Services: 23.4.\u003c/p\u003e"
}
],
"value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in OpenText\u2122 Directory Services allows Remote Code Inclusion. The\nvulnerability could allow access to the system via script injection.This issue affects Directory Services: 23.4."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T10:02:58.567Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0844620"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0844620\"\u003eSupport articles, alerts \u0026amp; useful tools - Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Support articles, alerts \u0026 useful tools - Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4 https://support.opentext.com/csm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote code execution vulnerability discovered in OpenText\u2122 Directory Services CE 23.4",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2024-7650",
"datePublished": "2025-07-10T10:02:58.567Z",
"dateReserved": "2024-08-09T15:58:10.650Z",
"dateUpdated": "2025-07-10T14:14:17.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}