cbcvebase.

Microfocus Imanager vulnerabilities

22 known vulnerabilities affecting microfocus/imanager.

Total CVEs
22
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH5MEDIUM5

Vulnerabilities

Page 1 of 2
CVE-2024-3488P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3488 [CRITICAL] CWE-20 CVE-2024-3488: File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vul File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
nvd
CVE-2021-38117P2CRITICALCVSS 9.8≥ 3.0, < 3.2.52024-11-22
CVE-2021-38117 [CRITICAL] CWE-94 CVE-2021-38117: Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2. Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
nvd
CVE-2024-3483P3CRITICALCVSS 9.8≥ 3.0, ≤ 3.2.6v3.2.62024-05-15
CVE-2024-3483 [CRITICAL] CWE-77 CVE-2024-3483: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
nvd
CVE-2024-3967P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3967 [CRITICAL] CWE-502 CVE-2024-3967: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
nvd
CVE-2024-3969P2CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-28
CVE-2024-3969 [CRITICAL] CWE-611 CVE-2024-3969: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
nvd
CVE-2024-3487P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3487 [CRITICAL] CWE-287 CVE-2024-3487: Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
nvd
CVE-2023-24467P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-11-22
CVE-2023-24467 [CRITICAL] CWE-77 CVE-2023-24467: Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3. Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
nvd
CVE-2024-3968P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3968 [CRITICAL] CWE-20 CVE-2024-3968: Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can tr Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
nvd
CVE-2024-3486P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3486 [CRITICAL] CWE-611 CVE-2024-3486: XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
nvd
CVE-2023-24466P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-11-22
CVE-2023-24466 [CRITICAL] CWE-611 CVE-2023-24466: Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
nvd
CVE-2021-38116P3HIGHCVSS 8.8fixed in 3.2.52024-11-22
CVE-2021-38116 [HIGH] CWE-77 CVE-2021-38116: Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5
nvd
CVE-2024-3484P3CRITICALCVSS 9.8≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3484 [CRITICAL] CWE-22 CVE-2024-3484: Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
nvd
CVE-2021-38135P3CRITICALCVSS 9.8≥ 3.0, ≤ 3.2.5v3.2.62024-11-22
CVE-2021-38135 [CRITICAL] CWE-406 CVE-2021-38135: Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
nvd
CVE-2024-3970P3HIGHCVSS 7.5≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3970 [HIGH] CWE-918 CVE-2024-3970: Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.
nvd
CVE-2024-3485P3HIGHCVSS 7.5≥ 3.0, < 3.2.6v3.2.62024-05-15
CVE-2024-3485 [HIGH] CWE-918 CVE-2024-3485: Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.
nvd
CVE-2021-38118P3HIGHCVSS 7.8≥ 3.0, < 3.2.52024-11-22
CVE-2021-38118 [HIGH] CWE-250 CVE-2021-38118: Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iMana Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
nvd
CVE-2024-4429P4HIGHCVSS 7.4≥ 3.0, < 3.2.6v3.2.62024-05-28
CVE-2024-4429 [HIGH] CWE-352 CVE-2024-4429: Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.
nvd
CVE-2021-38134P4MEDIUMCVSS 6.1≥ 3.0, < 3.2.62024-11-22
CVE-2021-38134 [MEDIUM] CWE-79 CVE-2021-38134: Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.00 Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.
nvd
CVE-2020-11859P4MEDIUMCVSS 5.4fixed in 3.2.32024-11-06
CVE-2020-11859 [MEDIUM] CWE-79 CVE-2020-11859: Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
nvd
CVE-2022-26324P4MEDIUMCVSS 5.4v3.2.62024-11-22
CVE-2022-26324 [MEDIUM] CWE-79 CVE-2022-26324: Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.00 Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.
nvd
Microfocus Imanager vulnerabilities | cvebase