CVE-2024-8125

{"id": "CVE-2024-8125", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 5.4, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:H/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-04T22:15:41.573", "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058", "source": "security@opentext.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\n\n with WebReports module\ninstalled and enabled."}, {"lang": "es", "value": "La vulnerabilidad de validaci\u00f3n incorrecta del tipo de entrada especificado en OpenText\u2122 Content Management (Extended ECM) permite la inyecci\u00f3n de par\u00e1metros. Un actor malintencionado con los privilegios necesarios de OpenText Content Management (no root) podr\u00eda exponer la vulnerabilidad para llevar a cabo un ataque de ejecuci\u00f3n de c\u00f3digo remoto en el sistema de destino. Este problema afecta a Content Management (Extended ECM): desde la versi\u00f3n 10.0 hasta la 24.4 con el m\u00f3dulo WebReports instalado y habilitado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@opentext.com"}