CVE-2024-12706 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263

History

Mon, 28 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 28 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4.
Title		SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
Weaknesses		CWE-89
References		https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263
Metrics		cvssV4_0 `{'score': 2.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/S:N/AU:N/R:A/V:C/RE:M/U:Red'}`

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2025-04-28T17:59:56.359Z

Updated: 2025-04-28T18:49:37.985Z

Reserved: 2024-12-17T14:54:57.954Z

Link: CVE-2024-12706

Vulnrichment

Updated: 2025-04-28T18:48:18.207Z

NVD

Status : Deferred

Published: 2025-04-28T18:15:46.943

Modified: 2026-04-15T00:35:42.020

Link: CVE-2024-12706

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12706", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-12-17T14:54:57.954Z", "datePublished": "2025-04-28T17:59:56.359Z", "dateUpdated": "2025-04-28T18:49:37.985Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Digital Asset Management.", "vendor": "OpenText\u2122", "versions": [{"lessThanOrEqual": "24.4", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Joe Haskins, Edgescan"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\n<span style=\"background-color: rgb(255, 255, 255);\">he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. </span>\n\n<p>This issue affects Digital Asset Management.: through 24.4.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\nhe vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. \n\nThis issue affects Digital Asset Management.: through 24.4."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-04-28T17:59:56.359Z"}, "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263\">Support articles, alerts & useful tools - SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management.</a>\n\n<br>"}], "value": "Support articles, alerts & useful tools - SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management. https://support.opentext.com/csm"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T18:48:15.360203Z", "id": "CVE-2024-12706", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T18:49:37.985Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12706", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-28T18:48:15.360203Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T18:48:18.207Z"}}], "cna": {"title": "SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Joe Haskins, Edgescan"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2.1, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/S:N/AU:N/R:A/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "Digital Asset Management.", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "24.4"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Support articles, alerts & useful tools - SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management. https://support.opentext.com/csm", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263\">Support articles, alerts & useful tools - SQL Injection vulnerability discovered in OpenText\u2122 Digital Asset Management.</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\nhe vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. \n\nThis issue affects Digital Asset Management.: through 24.4.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\n<span style=\"background-color: rgb(255, 255, 255);\">he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. </span>\n\n<p>This issue affects Digital Asset Management.: through 24.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2025-04-28T17:59:56.359Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12706", "state": "PUBLISHED", "dateUpdated": "2025-04-28T18:49:37.985Z", "dateReserved": "2024-12-17T14:54:57.954Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2025-04-28T17:59:56.359Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText\u2122 Digital Asset Management. T\n\nhe vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. \n\nThis issue affects Digital Asset Management.: through 24.4."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('Inyecci\u00f3n SQL') en OpenText\u2122 Digital Asset Management. Esta vulnerabilidad podr\u00eda permitir que un usuario autenticado ejecute comandos SQL arbitrarios en la base de datos subyacente. Este problema afecta a Digital Asset Management: hasta la versi\u00f3n 24.4."}], "id": "CVE-2024-12706", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2025-04-28T18:15:46.943", "references": [{"source": "security@opentext.com", "url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0840263"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@opentext.com", "type": "Secondary"}]}