Microfocus Imanager vulnerabilities
22 known vulnerabilities affecting microfocus/imanager.
Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH5MEDIUM5
Vulnerabilities
Page 1 of 2
CVE-2024-3488P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3488 [CRITICAL] CWE-20 CVE-2024-3488: File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vul
File Upload vulnerability in unauthenticated
session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a
file without authentication.
nvd
CVE-2021-38117P2CRITICALCVSS 9.8≥ 3.0, < 3.2.52024-11-22
CVE-2021-38117 [CRITICAL] CWE-94 CVE-2021-38117: Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.
Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
nvd
CVE-2024-3483P3CRITICALCVSS 9.8≥ 3.0, ≤ 3.2.6v3.2.62024-05-15
CVE-2024-3483 [CRITICAL] CWE-77 CVE-2024-3483: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
nvd
CVE-2024-3967P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3967 [CRITICAL] CWE-502 CVE-2024-3967: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution unisng unsafe java object deserialization.
nvd
CVE-2024-3969P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-28
CVE-2024-3969 [CRITICAL] CWE-611 CVE-2024-3969: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
nvd
CVE-2024-3487P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3487 [CRITICAL] CWE-287 CVE-2024-3487: Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This
vulnerability allows an attacker to manipulate certain parameters to bypass
authentication.
nvd
CVE-2023-24467P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-11-22
CVE-2023-24467 [CRITICAL] CWE-77 CVE-2023-24467: Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.
Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000.
nvd
CVE-2024-3968P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3968 [CRITICAL] CWE-20 CVE-2024-3968: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr
Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution using custom file upload task.
nvd
CVE-2024-3486P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3486 [CRITICAL] CWE-611 CVE-2024-3486: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
nvd
CVE-2023-24466P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-11-22
CVE-2023-24466 [CRITICAL] CWE-611 CVE-2023-24466: Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™
Possible XML External Entity Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0200.
nvd
CVE-2021-38116P3HIGHCVSS 8.8fixed in 3.2.52024-11-22
CVE-2021-38116 [HIGH] CWE-77 CVE-2021-38116: Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager
Possible Elevation of Privilege Vulnerability
in iManager has been discovered in
OpenText™ iManager. This impacts all versions before 3.2.5
nvd
CVE-2024-3484P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3484 [CRITICAL] CWE-22 CVE-2024-3484: Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation
or file disclosure.
nvd
CVE-2021-38135P3CRITICALCVSS 9.8≥ 3.0, ≤ 3.2.5v3.2.62024-11-22
CVE-2021-38135 [CRITICAL] CWE-406 CVE-2021-38135: Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager
Possible
External Service Interaction attack
in iManager has been discovered in
OpenText™ iManager 3.2.6.0000.
nvd
CVE-2024-3970P3HIGHCVSS 7.5≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3970 [HIGH] CWE-918 CVE-2024-3970: Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to senstive information disclosure by directory traversal.
nvd
CVE-2024-3485P3HIGHCVSS 7.5≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3485 [HIGH] CWE-918 CVE-2024-3485: Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to senstive information disclosure.
nvd
CVE-2021-38118P3HIGHCVSS 7.8≥ 3.0, < 3.2.52024-11-22
CVE-2021-38118 [HIGH] CWE-250 CVE-2021-38118: Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iMana
Possible improper input validation Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
nvd
CVE-2024-4429P4HIGHCVSS 7.4≥ 3.0, < 3.2.6v3.2.62024-05-28
CVE-2024-4429 [HIGH] CWE-352 CVE-2024-4429: Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure.
nvd
CVE-2021-38134P4MEDIUMCVSS 6.1≥ 3.0, < 3.2.62024-11-22
CVE-2021-38134 [MEDIUM] CWE-79 CVE-2021-38134: Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.00
Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.5.0000.
nvd
CVE-2020-11859P4MEDIUMCVSS 5.4fixed in 3.2.32024-11-06
CVE-2020-11859 [MEDIUM] CWE-79 CVE-2020-11859: Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
nvd
CVE-2022-26324P4MEDIUMCVSS 5.4v3.2.62024-11-22
CVE-2022-26324 [MEDIUM] CWE-79 CVE-2022-26324: Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.00
Possible XSS in iManager URL for access Component has been discovered in
OpenText™ iManager 3.2.6.0000.
nvd
1 / 2Next →