PT-2025-18099 · Opentext · Openasset Digital Asset Management
Published
2025-04-28
·
Updated
2025-04-28
·
CVE-2024-12706
CVSS v4.0
2.1
Low
| Vector | AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red |
Name of the Vulnerable Software and Affected Versions
OpenText Digital Asset Management versions through 24.4
Description
The issue is related to an SQL Injection vulnerability, which could allow an authenticated user to run arbitrary SQL commands on the underlying database. This problem affects Digital Asset Management.
Recommendations
For OpenText Digital Asset Management versions through 24.4, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the database and limiting the privileges of authenticated users to minimize the risk of exploitation.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openasset Digital Asset Management