iManager Vulnerable to Remote Code Execution and Command Injection
CVE-2024-3483

7.8HIGH

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 15 May 2024

Summary

A security flaw in OpenText iManager 3.2.6.0200 allows attackers to execute arbitrary commands via remote code execution. This vulnerability can exploit command injection techniques and results in insecure deserialization, potentially leading to unauthorized access and manipulation of system data. Immediate patching and thorough security assessments are recommended to mitigate the associated risks.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 8, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)