Hussein Bahmad

**Name of the Vulnerable Software and Affected Versions** OpenText Content Server versions 20.2 through 24.4 **Description** The issue is related to an Incorrect Authorization vulnerability in the OpenText Content Server REST API, allowing users without the appropriate permissions to remove external collaborators. **Recommendations** For versions 20.2 through 24.4, consider restricting access to the REST API until a patch is available. As a temporary workaround, limit the ability of users to remove external collaborators to minimize the risk of exploitation. Avoid using the API for collaborator management until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenText Content Management versions 24.3 through 25.1 **Description** The issue concerns User Enumeration and Data Integrity in the Barcode functionality, allowing a malicious authenticated attacker to potentially alter barcode attributes. **Recommendations** For OpenText Content Management versions 24.3 through 25.1, update to a version that contains a fix for this issue to prevent potential alteration of barcode attributes by malicious authenticated attackers.

**Name of the Vulnerable Software and Affected Versions** OpenText Content Management CE versions 20.2 through 25.1 **Description** The issue allows authenticated malicious users to inject code into the system through a Stored XSS in Discussions. This affects OpenText Content Management CE on both Windows and Linux platforms. **Recommendations** For versions 20.2 through 25.1, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the Discussions feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 through 10.9.1 **Description** An unvalidated redirect issue exists, allowing a remote, unauthenticated attacker to potentially trick an authenticated user into accessing a domain controlled by the attacker. **Recommendations** For Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 through 10.9.1, update to a version that includes the fix for this issue to prevent exploitation.