OpenText Digital Asset Management SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in OpenText Digital Asset Management versions through 24.4. This vulnerability allows authenticated users to execute arbitrary SQL commands on the underlying database. Although the database remains uncompromised, with no data loss or information leakage, the ability to execute unauthorized SQL commands poses a significant risk.

Impact

Exploitation of this vulnerability could allow an authenticated user to execute arbitrary SQL commands on the database, potentially leading to unauthorized data manipulation or access.

Remediation

This vulnerability is resolved in OpenText Digital Asset Management version 25.1 for containerized deployments. For off-cloud deployments, hotfixes are available for versions 22.4 and 24.4.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 10.0
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.