PT-2025-17020 · Opentext · Opentext Secure Content Manager
Kirwin Webb
·
Published
2025-04-17
·
Updated
2025-04-18
·
CVE-2024-12530
CVSS v4.0
7.0
High
| Vector | AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
OpenText Secure Content Manager version 23.4
Description
The issue is related to an Uncontrolled Search Path Element vulnerability in OpenText Secure Content Manager on Windows, which allows DLL Side-Loading. This could potentially be exploited by end-users to execute malicious code in the trusted context of the thick-client application.
Recommendations
For OpenText Secure Content Manager version 23.4, consider restricting access to the application until a patch is available, and avoid using any potentially vulnerable DLLs. As a temporary workaround, consider disabling any features that may be using the vulnerable search path element until a fix is provided.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opentext Secure Content Manager