cvebase

OpenText Vertica vulnerabilities

9 known vulnerabilities affecting opentext/vertica.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2023-7248 | P2 | CRITICAL | CVSS 9.8 | ≥ 10.0.0-0, ≤ 10.1.1-26; ≥ 11.0.0-0, < 11.1.1-25; +1 more | 2024-03-15
CWE-20: Certain functionality in OpenText Vertica Management console might be prone to bypass via crafted requests. The vulnerability would affect one of Vertica’s authentication functionalities by allowing specially crafted requests and sequences. This issue impacts the following Vertica Management Console versions: 10.x, 11.1.1-24 or lower, 12.0.4-18 or lowe
nvd

CVE-2024-6360 | P2 | CRITICAL | CVSS 9.8 | ≥ 24.1.0-0, < 24.1.0-8; ≥ 24.2.0-0, < 24.2.0-4; +6 more | 2024-10-02
CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X.
nvd

CVE-2016-2002 | P2 | CRITICAL | CVSS 9.8 | ≥ 7.0.0, < 7.0.2.12; ≥ 7.1.0, < 7.1.2-12; +1 more | 2016-04-20
CWE-77: The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417.
nvd

CVE-2015-6867 | P3 | HIGH | CVSS 7.5 | v7.1.1 | 2015-11-04
CWE-284: The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914.
nvd

CVE-2017-5802 | P3 | CRITICAL | CVSS 9.8 | fixed in 6.1.3-20; ≥ 7.0, < 7.0.2-13; +4 more | 2018-02-15
A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found.
nvd

CVE-2025-12455 | P3 | HIGH | CVSS 7.5 | ≥ 10.0.0-0, ≤ 12.0.4-34; ≥ 10.0, ≤ 10.x; +2 more | 2026-03-13
CWE-204: Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X.
nvd

CVE-2025-12454 | P4 | MEDIUM | CVSS 6.1 | ≥ 10.0.0-0, < 25.2.0; ≥ 10.0, ≤ 10.x; +5 more | 2026-03-13
CWE-79: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 throu
nvd

CVE-2025-12453 | P4 | MEDIUM | CVSS 6.1 | ≥ 10.0.0-0, < 25.4.0-0; ≥ 10.0, ≤ 10.x; +7 more | 2026-03-13
CWE-79: Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of cross-site scripting in Vertica management console application. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 throu
nvd

CVE-2024-9432 | P4 | MEDIUM | CVSS 6.9 | v23.x; v24.x; +1 more | 2026-01-30
CWE-312: Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X.
nvd