cve-2024-8125
Vulnerability from cvelistv5
Published
2025-02-04 21:27
Modified
2025-02-04 21:35
Severity ?
EPSS score ?
Summary
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.
A bad actor with the required OpenText Content Management privileges (not root) could expose
the vulnerability to carry out a remote code execution attack on the target system.
This issue affects Content Management (Extended ECM): from 10.0 through 24.4
with WebReports module
installed and enabled.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
OpenText™ | Content Management (Extended ECM) |
Version: 10.0 < |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-8125", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T21:35:07.437156Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:35:16.048Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Content Management (Extended ECM)", "vendor": "OpenText\u2122", "versions": [ { "lessThanOrEqual": "24.4", "status": "affected", "version": "10.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u0026nbsp;\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\n\u003cp\u003eThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u0026nbsp;\n\n with WebReports module\ninstalled and enabled.\n\n\u003c/p\u003e" } ], "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\n\n with WebReports module\ninstalled and enabled." } ], "impacts": [ { "capecId": "CAPEC-137", "descriptions": [ { "lang": "en", "value": "CAPEC-137 Parameter Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T21:27:27.804Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText" }, "references": [ { "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0834058" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0833739\"\u003e\n\n\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0834058\"\u003eSupport articles, alerts \u0026amp; useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Support articles, alerts \u0026 useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered https://support.opentext.com/csm" } ], "source": { "discovery": "UNKNOWN" }, "title": "A remote code vulnerability has been discovered in OpenText\u2122 Content Management.", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "OpenText", "cveId": "CVE-2024-8125", "datePublished": "2025-02-04T21:27:27.804Z", "dateReserved": "2024-08-23T17:06:05.021Z", "dateUpdated": "2025-02-04T21:35:16.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-8125\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2025-02-04T22:15:41.573\",\"lastModified\":\"2025-02-04T22:15:41.573\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\\n\\nA bad actor with the required OpenText Content Management privileges (not root) could expose\\nthe vulnerability to carry out a remote code execution attack on the target system.\\n\\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\\n\\n with WebReports module\\ninstalled and enabled.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:H/U:Amber\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"LOW\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"PRESENT\",\"automatable\":\"NO\",\"recovery\":\"USER\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"HIGH\",\"providerUrgency\":\"AMBER\"}}]},\"weaknesses\":[{\"source\":\"security@opentext.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1287\"}]}],\"references\":[{\"url\":\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0834058\",\"source\":\"security@opentext.com\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8125\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T21:35:07.437156Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T21:35:12.647Z\"}}], \"cna\": {\"title\": \"A remote code vulnerability has been discovered in OpenText\\u2122 Content Management.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-137\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-137 Parameter Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"PRESENT\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 5.4, \"Automatable\": \"NO\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OpenText\\u2122\", \"product\": \"Content Management (Extended ECM)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"24.4\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Support articles, alerts \u0026 useful tools - OpenText\\u2122 Content Management - Remote code vulnerability discovered https://support.opentext.com/csm\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0833739\\\"\u003e\\n\\n\u003c/a\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026amp;sysparm_article=KB0834058\\\"\u003eSupport articles, alerts \u0026amp; useful tools - OpenText\\u2122 Content Management - Remote code vulnerability discovered\u003c/a\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0834058\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Validation of Specified Type of Input vulnerability in OpenText\\u2122 Content Management (Extended ECM) allows Parameter Injection.\\u00a0\\n\\nA bad actor with the required OpenText Content Management privileges (not root) could expose\\nthe vulnerability to carry out a remote code execution attack on the target system.\\n\\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\\u00a0\\n\\n with WebReports module\\ninstalled and enabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Validation of Specified Type of Input vulnerability in OpenText\\u2122 Content Management (Extended ECM) allows Parameter Injection.\u0026nbsp;\\n\\nA bad actor with the required OpenText Content Management privileges (not root) could expose\\nthe vulnerability to carry out a remote code execution attack on the target system.\\n\\n\u003cp\u003eThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u0026nbsp;\\n\\n with WebReports module\\ninstalled and enabled.\\n\\n\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"CWE-1287 Improper Validation of Specified Type of Input\"}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2025-02-04T21:27:27.804Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-8125\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T21:35:16.048Z\", \"dateReserved\": \"2024-08-23T17:06:05.021Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2025-02-04T21:27:27.804Z\", \"assignerShortName\": \"OpenText\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.