Lucene search

OpenTextCVELIST:CVE-2024-3968

HistoryMay 15, 2024 - 4:39 p.m.

CVE-2024-3968 Remote Code Execution vulnerability in the iManager

2024-05-1516:39:39

CWE-20

OpenText

www.cve.org

cve-2024-3968

opentext imanager

remote code execution

custom file upload

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution using custom file upload task.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "platforms": [
      "Windows",
      "Linux",
      "64 bit"
    ],
    "product": "iManager",
    "vendor": "OpenText",
    "versions": [
      {
        "lessThanOrEqual": "3.2.6.0300",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "rpm, exe"
      }
    ]
  }
]

References

www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-3968