CVE-2024-3488

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html	Release Notes
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:imanager::::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:-::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch1::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch2::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch3::::::

History

21 Jan 2025, 17:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:microfocus:imanager:3.2.6:-::::::

21 Jan 2025, 17:27

Type	Values Removed	Values Added
CPE		cpe:2.3:a:microfocus:imanager:3.2.6:patch2:::::: cpe:2.3:a:microfocus:imanager:3.2.6:patch1:::::: cpe:2.3:a:microfocus:imanager:::::::: cpe:2.3:a:microfocus:imanager:3.2.6:patch3::::::
CWE		CWE-434
References	~~() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -~~	() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html - Release Notes
First Time		Microfocus Microfocus imanager

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -~~	() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -
Summary		(es) Vulnerabilidad de carga de archivos en una sesión no autenticada encontrada en OpenText™ iManager 3.2.6.0200. La vulnerabilidad podría permitir que un atacante hormiga cargue un archivo sin autenticación.

15 May 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-15 17:15

Updated : 2025-01-21 17:54

NVD link : CVE-2024-3488

Mitre link : CVE-2024-3488

CVE.ORG link : CVE-2024-3488

JSON object : View

Products Affected

microfocus

imanager

CWE

CWE-20

Improper Input Validation

CWE-434

Unrestricted Upload of File with Dangerous Type

5.6 /10