{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34711?format=json","vulnerability_id":"VCID-nb7n-b3m6-eyf1","summary":"Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. \n\nA bad actor with the required OpenText Content Management privileges (not root) could expose\nthe vulnerability to carry out a remote code execution attack on the target system.\n\nThis issue affects Content Management (Extended ECM): from 10.0 through 24.4 \n\n with WebReports module\ninstalled and enabled.","aliases":[{"alias":"CVE-2024-8125"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8125","reference_id":"","reference_type":"","scores":[{"value":"0.00365","scoring_system":"epss","scoring_elements":"0.58917","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8125"},{"reference_url":"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058","reference_id":"csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/S:P/AU:N/R:U/V:C/RE:H/U:Amber"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-04T21:35:07Z/"}],"url":"https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0834058"}],"weaknesses":[{"cwe_id":1287,"name":"Improper Validation of Specified Type of Input","description":"The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type."}],"exploits":[],"severity_range_score":"5.4 - 5.4","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb7n-b3m6-eyf1"}