iManager 3.2.5.0000 Vulnerable to XSS Attacks
CVE-2021-38134

6.1MEDIUM

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 22 November 2024

Summary

A cross-site scripting (XSS) vulnerability has been identified in the OpenText iManager 3.2.5.0000, specifically in the URL access component. This vulnerability permits an attacker to inject malicious scripts into the web interface. Successful exploitation could lead to unauthorized access and manipulation of user sessions. Organizations using this version of OpenText iManager are advised to implement security measures to sanitize input and upgrade to a secure version to mitigate potential risks.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.5.0000

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Aug 4, 2021