PT-2026-20435 · Opentext · Opentext Directory Services

Publicado

2026-02-18

Atualizado

2026-02-27

CVE-2025-15579

CVSS v4.0

9.5

Crítica

Vetor

AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red

Name of the Vulnerable Software and Affected Versions OpenText Directory Services versions 10.5 through 26.1

Description The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. Successful exploitation of this issue could result in remote code execution, denial of service, or privilege escalation.

Recommendations Update OpenText Directory Services to a version later than 26.1.

Correção

LPE

RCE

DoS

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2025-15579

Produtos afetados

Opentext Directory Services

PT-2026-20435 · Opentext · Opentext Directory Services

CVE-2025-15579

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7