CVE-2024-3970

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html	Release Notes
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:imanager::::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:-::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch1::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch2::::::
	cpe:2.3:a:microfocus:imanager:3.2.6:patch3::::::

History

21 Jan 2025, 17:12

Type	Values Removed	Values Added
First Time		Microfocus Microfocus imanager
References	~~() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -~~	() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html - Release Notes
CPE		cpe:2.3:a:microfocus:imanager:3.2.6:patch1:::::: cpe:2.3:a:microfocus:imanager:::::::: cpe:2.3:a:microfocus:imanager:3.2.6:-:::::: cpe:2.3:a:microfocus:imanager:3.2.6:patch2:::::: cpe:2.3:a:microfocus:imanager:3.2.6:patch3::::::

21 Nov 2024, 09:30

Type	Values Removed	Values Added
References	~~() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -~~	() https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html -
Summary		(es) Se ha descubierto una vulnerabilidad de Server Side Request Forgery en OpenText™ iManager 3.2.6.0200. Esto podría dar lugar a la divulgación de información confidencial mediante el directory traversal.

15 May 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-15 17:15

Updated : 2025-01-21 17:12

NVD link : CVE-2024-3970

Mitre link : CVE-2024-3970

CVE.ORG link : CVE-2024-3970

JSON object : View

Products Affected

microfocus

imanager

CWE

CWE-918

Server-Side Request Forgery (SSRF)

5.3 /10