Improper Input Validation in OpenText Content Management Products
CVE-2024-8125

5.4MEDIUM

Key Information:

Vendor: Opentext™
Status: Content Management (extended Ecm)
Vendor: CVE Published:; 4 February 2025

Summary

An improper validation of specified input types in OpenText™ Content Management (Extended ECM) can lead to parameter injection vulnerabilities. Attackers with the requisite privileges can exploit this flaw to execute malicious code remotely on affected systems. This vulnerability primarily impacts versions 10.0 through 24.4 of OpenText Content Management with the WebReports module enabled, thereby posing significant security risks to organizations using these systems. Timely patching and updates are essential to mitigate potential threats stemming from this vulnerability.

Affected Version(s)

Content Management (Extended ECM) 10.0 <= 24.4

References

https://support.opentext.com/csm?id=ot_kb_unauthenticated...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Aug 23, 2024