Remote Code Execution Vulnerability in OpenText iManager
CVE-2024-3968

7.8HIGH

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 15 May 2024

Summary

A remote code execution vulnerability has been identified in OpenText™ iManager version 3.2.6.0200. This flaw allows an unauthorized attacker to execute arbitrary code on the affected system by exploiting a custom file upload task. Malicious actors can leverage this vulnerability to gain control over the server, potentially leading to data breaches and further exploitations. Users and administrators are urged to take immediate precautions and assess their systems for potential impacts.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)