Remote Code Execution Vulnerability in OpenText iManager
CVE-2024-3969

7.8HIGH

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 28 May 2024

Summary

An XML External Entity (XXE) injection vulnerability has been identified in OpenText iManager version 3.2.6.0200, which could facilitate a remote attacker to execute arbitrary code. This vulnerability arises when untrusted XML payloads are processed, potentially compromising the security of the system. As maliciously crafted XML can be parsed, there is an elevated risk of unauthorized access and exploitation, necessitating prompt remediation actions.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)