CVE-2024-12706: SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T
he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database.
This issue affects Digital Asset Management.: through 24.4.
Classification
CVE ID: CVE-2024-12706
CVSS Base Severity: LOW
CVSS Base Score: 2.1
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/S:N/AU:N/R:A/V:C/RE:M/U:Red
Problem Types
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Affected Products
Vendor: OpenText™
Product: Digital Asset Management.
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 4.8% (scored less or equal to compared to others)
EPSS Date: 2025-05-27 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-12706https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263