CVE-2024-12530

Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4. End-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application.

CVSS

No CVSS.

References

Link	Resource
https://portal.microfocus.com/s/article/KM000040073?

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad del elemento de ruta de búsqueda no controlada en OpenText Secure Content Manager para Windows permite la carga lateral de DLL. Este problema afecta a Secure Content Manager: versión 23.4. Los usuarios finales podrían explotar esta vulnerabilidad para ejecutar código malicioso en el contexto de confianza de la aplicación de cliente pesado.

17 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-17 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-12530

Mitre link : CVE-2024-12530

CVE.ORG link : CVE-2024-12530

JSON object : View

Products Affected

No product.

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2024-12530", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-17T16:15:27.360", "references": [{"url": "https://portal.microfocus.com/s/article/KM000040073?", "source": "security@opentext.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows allows DLL Side-Loading.This issue affects Secure Content Manager: 23.4.\n\nEnd-users can potentially exploit the vulnerability to execute malicious code in the trusted context of the thick-client application."}, {"lang": "es", "value": "La vulnerabilidad del elemento de ruta de b\u00fasqueda no controlada en OpenText Secure Content Manager para Windows permite la carga lateral de DLL. Este problema afecta a Secure Content Manager: versi\u00f3n 23.4. Los usuarios finales podr\u00edan explotar esta vulnerabilidad para ejecutar c\u00f3digo malicioso en el contexto de confianza de la aplicaci\u00f3n de cliente pesado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@opentext.com"}