CVE-2024-3969 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3969
XML External Entity injection vulnerability found in OpenTextâ„¢ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload Vulnerabilidad de inyección de entidad externa XML encontrada en OpenTextâ„¢ iManager 3.2.6.0200. Esto podría conducir a la ejecución remota de código al analizar el payload XML que no es de confianza. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-5201 – Dimensions RM - Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-5201
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request La escalada de privilegios en OpenText Dimensions RM permite a un usuario autenticado escalar su privilegio al privilegio de otro usuario a través de una solicitud HTTP. • https://portal.microfocus.com/s/article/KM000029985 • CWE-287: Improper Authentication •
CVE-2024-5202 – Dimensions RM - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-5202
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices Lectura arbitraria de archivos en OpenText Dimensions RM permite a los usuarios autenticados leer archivos almacenados en el servidor a través de servicios web • https://portal.microfocus.com/s/article/KM000029988 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-2835 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-2835
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-3482 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-3482
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •