CVE-2024-12706

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4.

CVSS

No CVSS.

References

Link	Resource
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263

Configurations

No configuration.

History

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyección SQL') en OpenText™ Digital Asset Management. Esta vulnerabilidad podría permitir que un usuario autenticado ejecute comandos SQL arbitrarios en la base de datos subyacente. Este problema afecta a Digital Asset Management: hasta la versión 24.4.

28 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-28 18:15

Updated : 2025-04-29 13:52

NVD link : CVE-2024-12706

Mitre link : CVE-2024-12706

CVE.ORG link : CVE-2024-12706

JSON object : View

Products Affected

No product.

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-12706", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-28T18:15:46.943", "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263", "source": "security@opentext.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\nhe vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. \n\nThis issue affects Digital Asset Management.: through 24.4."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en OpenText\u2122 Digital Asset Management. Esta vulnerabilidad podr\u00eda permitir que un usuario autenticado ejecute comandos SQL arbitrarios en la base de datos subyacente. Este problema afecta a Digital Asset Management: hasta la versi\u00f3n 24.4."}], "lastModified": "2025-04-29T13:52:10.697", "sourceIdentifier": "security@opentext.com"}