CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3968 – Remote Code Execution vulnerability in the iManager
https://notcve.org/view.php?id=CVE-2024-3968
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task. Se ha descubierto la ejecución remota de código en OpenText™ iManager 3.2.6.0200. La vulnerabilidad puede desencadenar la ejecución remota de código mediante una tarea de carga de archivos personalizada. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3970 – Server-Side Request Forgery vulnerability in iManager
https://notcve.org/view.php?id=CVE-2024-3970
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal. Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial mediante el directory traversal. • https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7240 – Broken Access Control leading to SSRF in NetIQ Identity Console
https://notcve.org/view.php?id=CVE-2023-7240
An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address. Se ha detectado un nivel de autorización inadecuado en el panel de inicio de sesión. Puede provocar Server Side Request Forgery no autenticadas y permite realizar una enumeración de servicios abiertos. • https://www.netiq.com/documentation/identity-console/identity_console1720000_releasenotes/data/identity_console1720000_releasenotes.html • CWE-20: Improper Input Validation •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2834 – OpenText ArcSight Management Center and ArcSight Platform Stored XSS
https://notcve.org/view.php?id=CVE-2024-2834
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en OpenText ArcSight Management Center y ArcSight Platform. La vulnerabilidad podría explotarse de forma remota. • https://portal.microfocus.com/s/article/KM000028275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6400 – Incorrect user authorization vulnerability on OpenText ZENworks Configuration Management (ZCM) product.
https://notcve.org/view.php?id=CVE-2023-6400
Incorrect Authorization vulnerability in OpenText™ ZENworks Configuration Management (ZCM) allows Unauthorized Use of Device Resources.This issue affects ZENworks Configuration Management (ZCM) versions: 2020 update 3, 23.3, and 23.4. Una vulnerabilidad de autorización incorrecta en OpenText™ ZENworks Configuration Management (ZCM) permite el uso no autorizado de recursos del dispositivo. Este problema afecta a las versiones de ZENworks Configuration Management (ZCM): actualización 3, 23.3 y 23.4 de 2020. • https://portal.microfocus.com/s/article/KM000027630?language=en_US • CWE-863: Incorrect Authorization •