CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3969 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3969
28 May 2024 — XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría conducir a la ejecución remota de código al analizar el payload XML que no es de confianza. XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payl... • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3488 – File Upload vulnerability in unauthenticated session found in iManager.
https://notcve.org/view.php?id=CVE-2024-3488
15 May 2024 — File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. Vulnerabilidad de carga de archivos en una sesión no autenticada encontrada en OpenText™ iManager 3.2.6.0200. La vulnerabilidad podría permitir que un atacante hormiga cargue un archivo sin autenticación. File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3487 – Broken Authentication vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3487
15 May 2024 — Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. Vulnerabilidad de autenticación rota descubierta en OpenText™ iManager 3.2.6.0200. Esta vulnerabilidad permite a un atacante manipular ciertos parámetros para eludir la autenticación. Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
15 May 2024 — XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información y la ejecución remota de código. XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
15 May 2024 — Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3484 – Path Traversal vulnerability found in iManager
https://notcve.org/view.php?id=CVE-2024-3484
15 May 2024 — Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. Path Traversal encontrada en OpenText™ iManager 3.2.6.0200. Esto puede conducir a una escalada de privilegios o a la divulgación de archivos. Path Traversal found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3483 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3483
15 May 2024 — Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede provocar inyección de comandos y problemas de deserialización insegura. Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. • https://github.com/julio-cfa/CVE-2024-34832 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3967 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3967
15 May 2024 — Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede desencadenar la ejecución remota de código eliminando la deserialización de objetos Java inseguros. Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3968 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3968
15 May 2024 — Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede desencadenar la ejecución remota de código mediante una tarea de carga de archivos personalizada. Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3970 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3970
15 May 2024 — Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial mediante el directory traversal. Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •