RSS   Podatności dla 'Exceed ondemand'   RSS

2014-05-19
 
CVE-2013-6994

CWE-310
 

 
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.

 
 
CVE-2013-6807

CWE-310
 

 
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.

 
 
CVE-2013-6806

CWE-287
 

 
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.

 
 
CVE-2013-6805

CWE-310
 

 
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.

 

 >>> Vendor: Opentext 16 Produkty
Opentext firstclass desktop client
Documentum administrator
Documentum webtop
Livelink ecm
Documentum content server
Opentext/ixos ecm for sap netweaver
Document sciences xpression
Exceed ondemand
Documentum d2
Content server
Secure mft 2013
Secure mft 2014
Tempo box
Opentext portal
Brava\! desktop
Brava\!


Copyright 2024, cxsecurity.com

 

Back to Top