CVE-2024-10864 is a high-severity SQL Injection vulnerability (CWE-89) affecting OpenText Advanced Authentication versions prior to 6.5. This vulnerability arises from improper neutralization of special elements in SQL commands, allowing an attacker with high privileges to inject malicious SQL code. The vulnerability requires network access and high authentication privileges, but no user interaction is needed. The CVSS 4.0 score is 7.5, reflecting a significant risk primarily due to the potential for data confidentiality, integrity, and availability compromise. Exploitation could allow an attacker to manipulate backend databases, potentially leading to unauthorized data access, modification, or deletion. Given that OpenText Advanced Authentication is used for identity and access management, exploitation could undermine authentication processes, enabling privilege escalation or bypass of security controls. Although no known exploits are currently reported in the wild, the vulnerability's nature and affected product suggest a critical risk if left unpatched. The vulnerability is limited to versions before 6.5, and no official patch links are provided yet, emphasizing the need for prompt vendor updates or mitigations.

For European organizations, this vulnerability poses a significant threat to the security of authentication infrastructure. Compromise of OpenText Advanced Authentication could lead to unauthorized access to sensitive systems and data, undermining compliance with GDPR and other data protection regulations. The integrity and availability of authentication services could be disrupted, potentially causing operational downtime and loss of trust. Organizations relying on this product for multi-factor authentication or single sign-on may face increased risk of credential compromise or session hijacking. The impact is heightened in sectors with stringent security requirements such as finance, healthcare, and government, where identity management is critical. Additionally, the potential for data breaches could result in regulatory penalties and reputational damage.

European organizations should immediately assess their use of OpenText Advanced Authentication and verify the version in deployment. Upgrading to version 6.5 or later, once available, is the primary mitigation. Until a patch is released, organizations should implement network-level controls to restrict access to the authentication system to trusted hosts and networks only. Employing Web Application Firewalls (WAFs) with SQL injection detection and prevention capabilities can help mitigate exploitation attempts. Conduct thorough input validation and sanitization on any custom integrations with the authentication system. Monitoring authentication logs for unusual activity and implementing anomaly detection can provide early warning of exploitation attempts. Additionally, organizations should review and enforce the principle of least privilege to limit the impact of any compromised credentials. Coordination with OpenText support for timely updates and advisories is essential.