CVE-2024-8125

Feb. 4, 2025, 10:15 p.m.

None
No Score

Description

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.

Product(s) Impacted

Product Versions
OpenText™ Content Management (Extended ECM)
  • 10.0
  • 24.4

Weaknesses

CWE-1287
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

References

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058

Tags

security@opentext.com
CWE-1287
2025-02-04
CVE-2024-8125

Date

  • Published: Feb. 4, 2025, 10:15 p.m.
  • Last Modified: Feb. 4, 2025, 10:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@opentext.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.