Vulnerabilities for 'Exceed ondemand'

2014-05-19
 
CVE-2013-6994

CWE-310
 

 
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.

 
 
CVE-2013-6807

CWE-310
 

 
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.

 
 
CVE-2013-6806

CWE-287
 

 
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.

 
 
CVE-2013-6805

CWE-310
 

 
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.

 

Vendor: Opentext (16 products)
Opentext firstclass desktop client
Livelink ecm
Opentext/ixos ecm for sap netweaver
Exceed ondemand
Secure mft 2013
Secure mft 2014
Documentum d2
Documentum content server
Tempo box
Documentum administrator
Documentum webtop
Document sciences xpression
Opentext portal
Content server
Brava! desktop
Brava!


Copyright 2022, cxsecurity.com

 
