CVE-2024-10864 | THREATINT

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5

PUBLISHED Reserved 2024-11-05 | Published 2025-05-14 | Updated 2025-05-20 | Assigner OpenText

HIGH: 7.5CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/U:Green

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status

unaffected

6.5 (rpm) before <

affected

Credits

Maksymilian Kubiak and Sławomir Zakrzewski [AFINE Team] finder

References

www.netiq.com/...vanced-authentication-releasenotes-6.5.html

cve.org (CVE-2024-10864)

nvd.nist.gov (CVE-2024-10864)

Download JSON