Remote Code Execution Vulnerability in OpenText iManager
CVE-2024-3969

9.8CRITICAL

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 28 May 2024

Summary

An XML External Entity (XXE) injection vulnerability has been identified in OpenText iManager version 3.2.6.0200, which could facilitate a remote attacker to execute arbitrary code. This vulnerability arises when untrusted XML payloads are processed, potentially compromising the security of the system. As maliciously crafted XML can be parsed, there is an elevated risk of unauthorized access and exploitation, necessitating prompt remediation actions.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Apr 18, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)