CVE-2024-10864 HIGH

CVE-2024-10864: SQL Injection vulnerability has been discovered in OpenText™ Advanced Authentication.

Vendor Opentext

Product Advance Authentication

Weakness CWE-89 · SQLi

Published May 14, 2025

Last update May 20, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/U:Green

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5

Key dates

02Disclosure timeline

May 14, 2025 CVE published

May 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10864

Related vulnerabilities

04Related CVE

CVE-2025-4705 PHPGurukul Vehicle Parking Management System view-incomingvehicle-detail.php sql injection CVE-2025-4698 PHPGurukul Directory Management System forget-password.php sql injection CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection CVE-2025-13077 افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection CVE-2026-5583 PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection