CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
This could lead to information disclosure and remote code execution. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3483 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3483
Remote Code Execution has been discovered in OpenTextâ„¢ iManager 3.2.6.0200. • https://github.com/julio-cfa/CVE-2024-34832 https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3892 – Local code execution vulnerability in Telerik UI for WinForms
https://notcve.org/view.php?id=CVE-2024-3892
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. • https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3967 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3967
Remote Code Execution has been discovered in OpenTextâ„¢ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3968 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3968
Remote Code Execution has been discovered in OpenTextâ„¢ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •