CVE-2024-3483

Published: May 15, 2024Modified: Jan 21, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

Affected (4)

Products: Microfocus: Imanager

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microfocus Imanager	From 3.0 to 3.2.6
Microfocus Imanager	Version 3.2.6 patch1
Microfocus Imanager	Version 3.2.6 patch2
Microfocus Imanager	Version 3.2.6 patch3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

Source: security@opentext.com

Release Notes

https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.