SQL Injection Vulnerability in OpenText Digital Asset Management
CVE-2024-12706
2.1LOW
Summary
An SQL Injection vulnerability exists in OpenText Digital Asset Management that allows authenticated users to execute arbitrary SQL commands on the database. This flaw can lead to unauthorized access and manipulation of sensitive data, highlighting a significant risk for organizations using affected versions. Proper safeguards must be implemented to mitigate potential exploitation.
Affected Version(s)
Digital Asset Management. 0 <= 24.4
References
CVSS V4
Score:
2.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Joe Haskins, Edgescan