CVE-2024-8125

MEDIUM Year: 2024
Weakness Type
CWE-1287
View all →

Vulnerability Description

Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled.

Related Vulnerabilities

CVE-2024-51551

CRITICAL
CVSS:10.0(Critical)

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07...

CWE-12872024

CVE-2024-4879

CRITICAL
CVSS:9.8(Critical)

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely...

CWE-12872024

CVE-2024-51550

CRITICAL
CVSS:9.8(Critical)

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Seri...

CWE-12872024

CVE-2024-6298

CRITICAL
CVSS:9.8(Critical)

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CWE-12872024

CVE-2024-5594

CRITICAL
CVSS:9.1(Critical)

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CWE-12872024

CVE-2023-29126

HIGH
CVSS:8.8(High)

The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.

CWE-12872023