Remote Code Execution Vulnerability in OpenText iManager
CVE-2024-3968

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 15 May 2024

Summary

A remote code execution vulnerability has been identified in OpenText™ iManager version 3.2.6.0200. This flaw allows an unauthorized attacker to execute arbitrary code on the affected system by exploiting a custom file upload task. Malicious actors can leverage this vulnerability to gain control over the server, potentially leading to data breaches and further exploitations. Users and administrators are urged to take immediate precautions and assess their systems for potential impacts.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 15, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)