CVE-2024-8125

A remote code vulnerability has been discovered in OpenText™ Content Management.

Description

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.

Remediation

Solution:

  • Support articles, alerts & useful tools - OpenText™ Content Management - Remote code vulnerability discovered https://support.opentext.com/csm

Category

5.4
CVSS
Severity: Medium
CVSS 4.0 •
EPSS 0.10%
Affected: OpenText™ Content Management (Extended ECM)
Published at:
Updated at:

References

Link Tags
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058

Frequently Asked Questions

What is the severity of CVE-2024-8125?
CVE-2024-8125 has been scored as a medium severity vulnerability.
How to fix CVE-2024-8125?
To fix CVE-2024-8125: Support articles, alerts & useful tools - OpenText™ Content Management - Remote code vulnerability discovered https://support.opentext.com/csm
Is CVE-2024-8125 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-8125 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-8125?
CVE-2024-8125 affects OpenText™ Content Management (Extended ECM).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.