PT-2025-3697 · Opentext · Opentext Content Management
Published: 2025-02-04 · Updated: 2025-02-04 · CVE-2024-8125
CVSS v4.0: 5.4 (Medium)
Vector: AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber
Name of the Vulnerable Software and Affected Versions
OpenText Content Management (Extended ECM) versions 10.0 through 24.4
Description
The issue is related to improper validation of specified input types, which allows parameter injection. An actor with the necessary privileges could exploit this to carry out a remote code execution attack on the target system. This issue affects systems with the WebReports module installed and enabled.
Recommendations
For versions 10.0 through 24.4, consider disabling the WebReports module to prevent exploitation until a patch is available. Restrict access to the system to minimize the risk of remote code execution attacks.
Affected Products
Opentext Content Management