Improper Validation of Specified Type of Input

CVE-2024-8125

Medium

5.4/10

Summary

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled.

Attack Complexity: HIGH
Attack Vector: ADJACENT
User Interaction: PASSIVE
Privileges Required: LOW

CWE-1287 - Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

References

Advisory Timeline

Published Feb 04, 2025

Improper Validation of Specified Type of Input

CVE-2024-8125

Summary

CWE-1287 - Improper Validation of Specified Type of Input

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS