CVE-2024-3969

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-3969
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html Release Notes
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html Release Notes
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microfocus:imanager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:-:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:patch2:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:patch3:*:*:*:*:*:*
History

21 Jan 2025, 17:46

Type Values Removed Values Added
CPE cpe:2.3:a:microfocus:imanager:3.2.6:-:*:*:*:*:*:*

21 Jan 2025, 17:25

Type Values Removed Values Added
First Time Microfocus
Microfocus imanager
References () https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html - () https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html - Release Notes
CPE cpe:2.3:a:microfocus:imanager:3.2.6:patch2:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:imanager:3.2.6:patch3:*:*:*:*:*:*

21 Nov 2024, 09:30

Type Values Removed Values Added
References () https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html - () https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -
Summary
  • (es) Vulnerabilidad de inyección de entidad externa XML encontrada en OpenText™ iManager 3.2.6.0200. Esto podría conducir a la ejecución remota de código al analizar el payload XML que no es de confianza.

28 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-28 15:15

Updated : 2025-01-21 17:46

NVD link : CVE-2024-3969

Mitre link : CVE-2024-3969

CVE.ORG link : CVE-2024-3969

JSON object : View

Products Affected

microfocus

  • imanager
CWE
CWE-611

Improper Restriction of XML External Entity Reference