Skip to main content

Vertica

6 CVEs product

Monthly

CVE-2025-12453 MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in OpenText Vertica's management console application due to improper input neutralization during web page generation (CWE-79). The vulnerability affects Vertica versions 10.0 through 25.3.X, allowing attackers to inject malicious scripts that execute in users' browsers when they click attacker-controlled links. With a CVSS v4.0 score of 5.1 and network-based attack vector requiring user interaction, this represents a moderate risk with limited direct technical impact but potential for credential theft or session hijacking.

XSS Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-12454 MEDIUM This Month

This vulnerability is a Reflected Cross-Site Scripting (XSS) flaw in OpenText Vertica's management console that fails to properly neutralize user input during web page generation. The issue affects Vertica versions 10.0 through 25.1.x across multiple major version branches, allowing attackers to inject malicious scripts that execute in users' browsers. With a CVSS score of 5.1 (medium severity) and a network attack vector requiring only user interaction, this vulnerability poses a moderate but exploitable risk to Vertica deployments, particularly those exposing the management console to untrusted networks.

XSS Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-12455 MEDIUM This Month

An observable response discrepancy vulnerability in OpenText Vertica's management console allows attackers to perform password brute-force attacks by analyzing differences in application responses. This affects Vertica versions 10.0 through 10.X, 11.0 through 11.X, and 12.0 through 12.X. The vulnerability requires network access and user interaction but enables attackers to systematically guess passwords against valid user accounts without account lockout protection differentiating failed attempts.

Information Disclosure Vertica
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2024-6360 MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.0 through. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Vertica
NVD
CVSS 4.0
6.9
EPSS
0.3%
CVE-2016-2002 CRITICAL PATCH Act Now

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Vertica
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2015-6867 HIGH This Week

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Vertica
NVD
CVSS 2.0
7.5
EPSS
0.9%
EPSS 0% CVSS 5.1
MEDIUM This Month

A Reflected Cross-Site Scripting (XSS) vulnerability exists in OpenText Vertica's management console application due to improper input neutralization during web page generation (CWE-79). The vulnerability affects Vertica versions 10.0 through 25.3.X, allowing attackers to inject malicious scripts that execute in users' browsers when they click attacker-controlled links. With a CVSS v4.0 score of 5.1 and network-based attack vector requiring user interaction, this represents a moderate risk with limited direct technical impact but potential for credential theft or session hijacking.

XSS Vertica
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

This vulnerability is a Reflected Cross-Site Scripting (XSS) flaw in OpenText Vertica's management console that fails to properly neutralize user input during web page generation. The issue affects Vertica versions 10.0 through 25.1.x across multiple major version branches, allowing attackers to inject malicious scripts that execute in users' browsers. With a CVSS score of 5.1 (medium severity) and a network attack vector requiring only user interaction, this vulnerability poses a moderate but exploitable risk to Vertica deployments, particularly those exposing the management console to untrusted networks.

XSS Vertica
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

An observable response discrepancy vulnerability in OpenText Vertica's management console allows attackers to perform password brute-force attacks by analyzing differences in application responses. This affects Vertica versions 10.0 through 10.X, 11.0 through 11.X, and 12.0 through 12.X. The vulnerability requires network access and user interaction but enables attackers to systematically guess passwords against valid user accounts without account lockout protection differentiating failed attempts.

Information Disclosure Vertica
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey.0 through. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass Vertica
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Vertica
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Vertica
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy