CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5201 – Dimensions RM - Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-5201
23 May 2024 — Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request La escalada de privilegios en OpenText Dimensions RM permite a un usuario autenticado escalar su privilegio al privilegio de otro usuario a través de una solicitud HTTP. Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request • https://portal.microfocus.com/s/article/KM000029985 • CWE-287: Improper Authentication •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5202 – Dimensions RM - Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-5202
23 May 2024 — Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices Lectura arbitraria de archivos en OpenText Dimensions RM permite a los usuarios autenticados leer archivos almacenados en el servidor a través de servicios web Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices • https://portal.microfocus.com/s/article/KM000029988 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2835 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-2835
20 May 2024 — A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3482 – OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-3482
20 May 2024 — A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross Site Scripting Almacenado (XSS) en OpenText ArcSight Enterprise Security Manager y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000029773 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22508 – Potential SQL injection in OpenText Operations Bridge Reporter
https://notcve.org/view.php?id=CVE-2021-22508
17 May 2024 — A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application. Se ha identificado una vulnerabilidad potencial para OpenText Operations Bridge Reporter. La vulnerabilidad podría explotarse para inyectar consultas SQL maliciosas. • https://support.microfocus.com/kb/kmdoc.php?id=KM03793174 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3488 – File Upload vulnerability in unauthenticated session found in iManager.
https://notcve.org/view.php?id=CVE-2024-3488
15 May 2024 — File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. Vulnerabilidad de carga de archivos en una sesión no autenticada encontrada en OpenText™ iManager 3.2.6.0200. La vulnerabilidad podría permitir que un atacante hormiga cargue un archivo sin autenticación. File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3487 – Broken Authentication vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3487
15 May 2024 — Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. Vulnerabilidad de autenticación rota descubierta en OpenText™ iManager 3.2.6.0200. Esta vulnerabilidad permite a un atacante manipular ciertos parámetros para eludir la autenticación. Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
15 May 2024 — XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información y la ejecución remota de código. XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
15 May 2024 — Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3484 – Path Traversal vulnerability found in iManager
https://notcve.org/view.php?id=CVE-2024-3484
15 May 2024 — Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. Path Traversal encontrada en OpenText™ iManager 3.2.6.0200. Esto puede conducir a una escalada de privilegios o a la divulgación de archivos. Path Traversal found in OpenText™ iManager 3.2.6.0200. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •