{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8125", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-08-23T17:06:05.021Z", "datePublished": "2025-02-04T21:27:27.804Z", "dateUpdated": "2025-02-04T21:35:16.048Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Content Management (Extended ECM)", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "24.4", "status": "affected", "version": "10.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.&nbsp;\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\n<p>This issue affects Content Management (Extended ECM): from 10.0 through 24.4&nbsp;\n\n with WebReports module\ninstalled and enabled.\n\n</p>"}], "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\n\n with WebReports module\ninstalled and enabled."}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 5.4, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-02-04T21:27:27.804Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&amp;sysparm_article=KB0833739\">\n\n</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0834058\">Support articles, alerts &amp; useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered</a>\n\n<br>"}], "value": "Support articles, alerts & useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered https://support.opentext.com/csm"}], "source": {"discovery": "UNKNOWN"}, "title": "A remote code vulnerability has been discovered in OpenText\u2122 Content Management.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T21:35:07.437156Z", "id": "CVE-2024-8125", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:35:16.048Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8125", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:35:07.437156Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:35:12.647Z"}}], "cna": {"title": "A remote code vulnerability has been discovered in OpenText\u2122 Content Management.", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 5.4, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Content Management (Extended ECM)", "versions": [{"status": "affected", "version": "10.0", "versionType": "custom", "lessThanOrEqual": "24.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Support articles, alerts & useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered https://support.opentext.com/csm", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view&amp;sysparm_article=KB0833739\">\n\n</a><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&amp;sysparm_article=KB0834058\">Support articles, alerts &amp; useful tools - OpenText\u2122 Content Management - Remote code vulnerability discovered</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\n\n with WebReports module\ninstalled and enabled.", "supportingMedia": [{"type": "text/html", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.&nbsp;\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\n<p>This issue affects Content Management (Extended ECM): from 10.0 through 24.4&nbsp;\n\n with WebReports module\ninstalled and enabled.\n\n</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-02-04T21:27:27.804Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8125", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:35:16.048Z", "dateReserved": "2024-08-23T17:06:05.021Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2025-02-04T21:27:27.804Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Validation of Specified Type of Input vulnerability in OpenText\u2122 Content Management (Extended ECM) allows Parameter Injection.\u00a0\n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4\u00a0\n\n with WebReports module\ninstalled and enabled."}], "id": "CVE-2024-8125", "lastModified": "2025-02-04T22:15:41.573", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "recovery": "USER", "safety": "PRESENT", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "LOW", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:H/U:Amber", "version": "4.0", "vulnerabilityResponseEffort": "HIGH", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2025-02-04T22:15:41.573", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "security@opentext.com", "type": "Primary"}]}

{}