CVE-2021-22508 – Potential SQL injection in OpenText Operations Bridge Reporter
https://notcve.org/view.php?id=CVE-2021-22508
A potential vulnerability has been identified for OpenText Operations Bridge Reporter. The vulnerability could be exploited to inject malicious SQL queries. An attack requires to be an authenticated administrator of OBR with network access to the OBR web application. Se ha identificado una vulnerabilidad potencial para OpenText Operations Bridge Reporter. La vulnerabilidad podría explotarse para inyectar consultas SQL maliciosas. • https://support.microfocus.com/kb/kmdoc.php?id=KM03793174 • CWE-20: Improper Input Validation •
CVE-2024-3488 – File Upload vulnerability in unauthenticated session found in iManager.
https://notcve.org/view.php?id=CVE-2024-3488
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. Vulnerabilidad de carga de archivos en una sesión no autenticada encontrada en OpenText™ iManager 3.2.6.0200. La vulnerabilidad podría permitir que un atacante hormiga cargue un archivo sin autenticación. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •
CVE-2024-3487 – Broken Authentication vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3487
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. Vulnerabilidad de autenticación rota descubierta en OpenText™ iManager 3.2.6.0200. Esta vulnerabilidad permite a un atacante manipular ciertos parámetros para eludir la autenticación. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-287: Improper Authentication •
CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información y la ejecución remota de código. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •