iManager Vulnerable to Remote Code Execution and Command Injection
CVE-2024-3483

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 15 May 2024

Summary

A security flaw in OpenText iManager 3.2.6.0200 allows attackers to execute arbitrary commands via remote code execution. This vulnerability can exploit command injection techniques and results in insecure deserialization, potentially leading to unauthorized access and manipulation of system data. Immediate patching and thorough security assessments are recommended to mitigate the associated risks.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 8, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)