CVE-2024-3486 – XML External Entity injection vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3486
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información y la ejecución remota de código. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-3485 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3485
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-3484 – Path Traversal vulnerability found in iManager
https://notcve.org/view.php?id=CVE-2024-3484
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure. Path Traversal encontrada en OpenText™ iManager 3.2.6.0200. Esto puede conducir a una escalada de privilegios o a la divulgación de archivos. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-3483 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3483
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede provocar inyección de comandos y problemas de deserialización insegura. • https://github.com/julio-cfa/CVE-2024-34832 https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-434: Unrestricted Upload of File with Dangerous Type CWE-502: Deserialization of Untrusted Data •
CVE-2024-3967 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3967
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede desencadenar la ejecución remota de código eliminando la deserialización de objetos Java inseguros. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-502: Deserialization of Untrusted Data •