iManager 3.2.6.0200 Vulnerable to Cross-Site Request Forgery
CVE-2024-4429

7.4HIGH

Key Information:

Vendor: Opentext
Status: Imanager
Vendor: CVE Published:; 28 May 2024

What is CVE-2024-4429?

A Cross-Site Request Forgery vulnerability has been identified in OpenText™ iManager 3.2.6.0200. This vulnerability may enable attackers to perform unauthorized actions on behalf of users without their consent, potentially leading to the exposure of sensitive information.

Affected Version(s)

iManager Windows 3.0.0 <= 3.2.6.0300

References

https://www.netiq.com/documentation/imanager-32/imanager3...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
May 2, 2024

Credit

Blaine Herro (Yahoo! Inc. VRT)