Opentext

Exceed Ondemand

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2013-6805

  • EPSS 0.12%
  • Veröffentlicht 19.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.

6.8

CVE-2013-6806

  • EPSS 0.23%
  • Veröffentlicht 19.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credential...

6.8

CVE-2013-6807

  • EPSS 0.16%
  • Veröffentlicht 19.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.

6.4

CVE-2013-6994

  • EPSS 0.24%
  • Veröffentlicht 19.05.2014 14:55:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.