Search criteria
18 vulnerabilities found for Flipper by opentext
FKIE_CVE-2025-8050
Vulnerability from fkie_nvd - Published: 2025-10-21 18:15 - Updated: 2025-10-28 16:16
Severity ?
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8050",
"lastModified": "2025-10-28T16:16:46.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-21T18:15:36.927",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850526"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8048
Vulnerability from fkie_nvd - Published: 2025-10-20 20:15 - Updated: 2025-10-28 16:12
Severity ?
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file
path and then download the specified file from the system by requesting the
stored document ID.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file\npath and then download the specified file from the system by requesting the\nstored document ID.\n\n\n\n\n\n\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8048",
"lastModified": "2025-10-28T16:12:50.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-20T20:15:38.007",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850531"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8051
Vulnerability from fkie_nvd - Published: 2025-10-20 20:15 - Updated: 2025-10-28 16:14
Severity ?
Summary
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8051",
"lastModified": "2025-10-28T16:14:35.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-20T20:15:38.360",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850527"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-35"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8049
Vulnerability from fkie_nvd - Published: 2025-10-20 20:15 - Updated: 2025-10-28 16:11
Severity ?
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8049",
"lastModified": "2025-10-28T16:11:07.157",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-20T20:15:38.173",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850530"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8052
Vulnerability from fkie_nvd - Published: 2025-10-20 20:15 - Updated: 2025-10-28 16:10
Severity ?
Summary
SQL Injection vulnerability in opentext Flipper allows SQL Injection.
The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in opentext Flipper allows SQL Injection.\u00a0\n\nThe vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8052",
"lastModified": "2025-10-28T16:10:43.003",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-20T20:15:38.533",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850533"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-564"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-8053
Vulnerability from fkie_nvd - Published: 2025-10-20 20:15 - Updated: 2025-10-28 16:08
Severity ?
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.
This issue affects Flipper: 3.1.2.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opentext:flipper:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E0F3913-F439-4C0A-82C8-AAEEEEBED8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.\n\nThis issue affects Flipper: 3.1.2."
}
],
"id": "CVE-2025-8053",
"lastModified": "2025-10-28T16:08:51.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@opentext.com",
"type": "Secondary"
}
]
},
"published": "2025-10-20T20:15:38.710",
"references": [
{
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850532"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
],
"source": "security@opentext.com",
"type": "Secondary"
}
]
}
CVE-2025-8050 (GCVE-0-2025-8050)
Vulnerability from cvelistv5 – Published: 2025-10-21 17:21 – Updated: 2025-10-21 18:22
VLAI?
Title
External Control of File vulnerability has been discovered in opentext Flipper.
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T18:17:39.979226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T18:22:41.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a user to access files hosted on the server.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T17:21:30.283Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850526"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850526\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850526\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850526"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "External Control of File vulnerability has been discovered in opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8050",
"datePublished": "2025-10-21T17:21:30.283Z",
"dateReserved": "2025-07-22T13:06:59.738Z",
"dateUpdated": "2025-10-21T18:22:41.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8052 (GCVE-0-2025-8052)
Vulnerability from cvelistv5 – Published: 2025-10-20 19:57 – Updated: 2025-10-21 15:31
VLAI?
Title
HQL Injection vulnerability has been discovered in Opentext Flipper.
Summary
SQL Injection vulnerability in opentext Flipper allows SQL Injection.
The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-564 - SQL Injection
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:31:12.772369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:31:49.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL Injection vulnerability in opentext Flipper allows SQL Injection.\u0026nbsp;\n\nThe vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "SQL Injection vulnerability in opentext Flipper allows SQL Injection.\u00a0\n\nThe vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-564",
"description": "CWE-564 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:57:34.805Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850533"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850533\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850533\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HQL Injection vulnerability has been discovered in Opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8052",
"datePublished": "2025-10-20T19:57:34.805Z",
"dateReserved": "2025-07-22T13:07:22.013Z",
"dateUpdated": "2025-10-21T15:31:49.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8048 (GCVE-0-2025-8048)
Vulnerability from cvelistv5 – Published: 2025-10-20 19:56 – Updated: 2025-10-20 20:16
VLAI?
Title
External Control of File path vulnerability has been discovered on Openext Flipper.
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file
path and then download the specified file from the system by requesting the
stored document ID.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:16:02.303246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:16:11.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file\npath and then download the specified file from the system by requesting the\nstored document ID.\n\n\n\n\n\n\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file\npath and then download the specified file from the system by requesting the\nstored document ID.\n\n\n\n\n\n\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:56:29.335Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850531"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850531\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850531\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850531"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "External Control of File path vulnerability has been discovered on Openext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8048",
"datePublished": "2025-10-20T19:56:29.335Z",
"dateReserved": "2025-07-22T13:06:35.332Z",
"dateUpdated": "2025-10-20T20:16:11.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8049 (GCVE-0-2025-8049)
Vulnerability from cvelistv5 – Published: 2025-10-20 19:56 – Updated: 2025-10-20 20:15
VLAI?
Title
Insufficient Access Control vulnerability has been discovered in OpenText Flipper.
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:15:22.931703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:15:29.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a low-privilege user to elevate privileges within the application.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:56:20.291Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850530"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850530\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850530\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850530"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Access Control vulnerability has been discovered in OpenText Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8049",
"datePublished": "2025-10-20T19:56:20.291Z",
"dateReserved": "2025-07-22T13:06:51.321Z",
"dateUpdated": "2025-10-20T20:15:29.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8051 (GCVE-0-2025-8051)
Vulnerability from cvelistv5 – Published: 2025-10-20 19:55 – Updated: 2025-10-20 20:13
VLAI?
Title
Path traversal validation vulnerability has been discovered in opentext Flipper.
Summary
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-35 - Path Traversal
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:12:56.026581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:13:36.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.\u0026nbsp;\n\nThe vulnerability could allow a user to access files hosted on the server.\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:55:57.106Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850527"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850527\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850527\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850527"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path traversal validation vulnerability has been discovered in opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8051",
"datePublished": "2025-10-20T19:55:57.106Z",
"dateReserved": "2025-07-22T13:07:10.678Z",
"dateUpdated": "2025-10-20T20:13:36.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8053 (GCVE-0-2025-8053)
Vulnerability from cvelistv5 – Published: 2025-10-20 19:55 – Updated: 2025-10-20 20:11
VLAI?
Title
Insufficient access control vulnerability has been discovered in Opentext Flipper.
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:11:40.960054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:11:50.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:55:17.290Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850532"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850532\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850532\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850532"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient access control vulnerability has been discovered in Opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8053",
"datePublished": "2025-10-20T19:55:17.290Z",
"dateReserved": "2025-07-22T13:07:29.565Z",
"dateUpdated": "2025-10-20T20:11:50.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8050 (GCVE-0-2025-8050)
Vulnerability from nvd – Published: 2025-10-21 17:21 – Updated: 2025-10-21 18:22
VLAI?
Title
External Control of File vulnerability has been discovered in opentext Flipper.
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T18:17:39.979226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T18:22:41.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a user to access files hosted on the server.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T17:21:30.283Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850526"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850526\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850526\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850526"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "External Control of File vulnerability has been discovered in opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8050",
"datePublished": "2025-10-21T17:21:30.283Z",
"dateReserved": "2025-07-22T13:06:59.738Z",
"dateUpdated": "2025-10-21T18:22:41.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8052 (GCVE-0-2025-8052)
Vulnerability from nvd – Published: 2025-10-20 19:57 – Updated: 2025-10-21 15:31
VLAI?
Title
HQL Injection vulnerability has been discovered in Opentext Flipper.
Summary
SQL Injection vulnerability in opentext Flipper allows SQL Injection.
The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-564 - SQL Injection
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-21T15:31:12.772369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T15:31:49.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL Injection vulnerability in opentext Flipper allows SQL Injection.\u0026nbsp;\n\nThe vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "SQL Injection vulnerability in opentext Flipper allows SQL Injection.\u00a0\n\nThe vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-564",
"description": "CWE-564 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:57:34.805Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850533"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850533\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850533\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850533"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HQL Injection vulnerability has been discovered in Opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8052",
"datePublished": "2025-10-20T19:57:34.805Z",
"dateReserved": "2025-07-22T13:07:22.013Z",
"dateUpdated": "2025-10-21T15:31:49.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8048 (GCVE-0-2025-8048)
Vulnerability from nvd – Published: 2025-10-20 19:56 – Updated: 2025-10-20 20:16
VLAI?
Title
External Control of File path vulnerability has been discovered on Openext Flipper.
Summary
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file
path and then download the specified file from the system by requesting the
stored document ID.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:16:02.303246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:16:11.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file\npath and then download the specified file from the system by requesting the\nstored document ID.\n\n\n\n\n\n\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file\npath and then download the specified file from the system by requesting the\nstored document ID.\n\n\n\n\n\n\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:56:29.335Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850531"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850531\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850531\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850531"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "External Control of File path vulnerability has been discovered on Openext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8048",
"datePublished": "2025-10-20T19:56:29.335Z",
"dateReserved": "2025-07-22T13:06:35.332Z",
"dateUpdated": "2025-10-20T20:16:11.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8049 (GCVE-0-2025-8049)
Vulnerability from nvd – Published: 2025-10-20 19:56 – Updated: 2025-10-20 20:15
VLAI?
Title
Insufficient Access Control vulnerability has been discovered in OpenText Flipper.
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:15:22.931703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:15:29.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a low-privilege user to elevate privileges within the application.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low-privilege user to elevate privileges within the application.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:56:20.291Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850530"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850530\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850530\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850530"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Access Control vulnerability has been discovered in OpenText Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8049",
"datePublished": "2025-10-20T19:56:20.291Z",
"dateReserved": "2025-07-22T13:06:51.321Z",
"dateUpdated": "2025-10-20T20:15:29.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8051 (GCVE-0-2025-8051)
Vulnerability from nvd – Published: 2025-10-20 19:55 – Updated: 2025-10-20 20:13
VLAI?
Title
Path traversal validation vulnerability has been discovered in opentext Flipper.
Summary
Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.
The vulnerability could allow a user to access files hosted on the server.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-35 - Path Traversal
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:12:56.026581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:13:36.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.\u0026nbsp;\n\nThe vulnerability could allow a user to access files hosted on the server.\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.\u00a0\n\nThe vulnerability could allow a user to access files hosted on the server.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-597",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-597 Absolute Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:55:57.106Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850527"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850527\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850527\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850527"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path traversal validation vulnerability has been discovered in opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8051",
"datePublished": "2025-10-20T19:55:57.106Z",
"dateReserved": "2025-07-22T13:07:10.678Z",
"dateUpdated": "2025-10-20T20:13:36.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8053 (GCVE-0-2025-8053)
Vulnerability from nvd – Published: 2025-10-20 19:55 – Updated: 2025-10-20 20:11
VLAI?
Title
Insufficient access control vulnerability has been discovered in Opentext Flipper.
Summary
Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.
This issue affects Flipper: 3.1.2.
Severity ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Assigner
References
Credits
Lockheed Martin Red Team
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T20:11:40.960054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:11:50.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Flipper",
"vendor": "opentext",
"versions": [
{
"status": "affected",
"version": "3.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects Flipper: 3.1.2.\u003c/p\u003e"
}
],
"value": "Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels.\u00a0The vulnerability could allow a low privilege user to interact with the backend API without sufficient privileges.\n\nThis issue affects Flipper: 3.1.2."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220 Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T19:55:17.290Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850532"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850532\"\u003ehttps://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0850532\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0850532"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient access control vulnerability has been discovered in Opentext Flipper.",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8053",
"datePublished": "2025-10-20T19:55:17.290Z",
"dateReserved": "2025-07-22T13:07:29.565Z",
"dateUpdated": "2025-10-20T20:11:50.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}