Micro Focus Imanager

OpenText iManager EP Vulnerability (before 3.2.5)
CVE-2021-38116 8.8 - High - November 22, 2024

Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager. This impacts all versions before 3.2.5

Command Injection

OpenText iManager 3.2.4.0000 Cmd Injection Vulnerability
CVE-2021-38117 9.8 - Critical - November 22, 2024

Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

Command Injection

OpenText iManager 3.2.4.0000 Improper Input Validation in iManager
CVE-2021-38118 7.8 - High - November 22, 2024

Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

OpenText iManager 3.2.4.0 Reflected XSS Vulnerability
CVE-2021-38119 6.1 - Medium - November 22, 2024

Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

XSS

OpenText iManager 3.2.5.0000 XSS via Access Component URL
CVE-2021-38134 6.1 - Medium - November 22, 2024

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.

XSS

OpenText iManager 3.2.6 EEI Vulnerability
CVE-2021-38135 9.8 - Critical - November 22, 2024

Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.

XSS via Access URL in OpenText iManager 3.2.6.0000
CVE-2022-26324 5.4 - Medium - November 22, 2024

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.

XSS

OpenText iManager 3.2.6 XML External Entity Injection in GET param
CVE-2023-24466 9.8 - Critical - November 22, 2024

Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.

XXE

Command Injection in OpenText iManager 3.2.6.0000 via GET param
CVE-2023-24467 9.8 - Critical - November 22, 2024

Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.

Command Injection

OpenText iManager XSS via Input Validation
CVE-2020-11859 5.4 - Medium - November 06, 2024

Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3

XSS

OpenText iManager 3.2.6.0200 XEE RCE Vulnerability
CVE-2024-3969 9.8 - Critical - May 28, 2024

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

XXE

CVE-2024-4429 XSRF in OpenText iManager 3.2.6.0200 leads to info disclosure
CVE-2024-4429 7.4 - High - May 28, 2024

Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.

Session Riding

OpenText iManager 3.2.6.0200 SSRF Sensitive Info Disclosure
CVE-2024-3485 7.5 - High - May 15, 2024

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to senstive information disclosure.

SSRF

OpenText iManager 3.2.6.0200 Path Traversal PrivEsc
CVE-2024-3484 9.8 - Critical - May 15, 2024

Path Traversal found in OpenText iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.

Directory traversal

OpenText iManager 3.2.6.0200 RCE: Cmd I & Insecure Deserialization
CVE-2024-3483 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

Command Injection

XEE in OpenText iManager 3.2.6.0200 Enables Info Disclosure & RCE
CVE-2024-3486 9.8 - Critical - May 15, 2024

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

XXE

OpenText iManager 3.2.6.0200 Broken Auth via Param Manipulation
CVE-2024-3487 9.8 - Critical - May 15, 2024

Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

authentification

OpenText iManager 3.2.6.0200 File Upload via Unauth Session
CVE-2024-3488 9.8 - Critical - May 15, 2024

File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.

Unrestricted File Upload

OpenText iManager 3.2.6 RCE via unsafe Java Deserialization
CVE-2024-3967 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

Marshaling, Unmarshaling

OpenText iManager 3.2.6.0200 RCE via Custom File Upload
CVE-2024-3968 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.

SSRF in OpenText iManager 3.2.6.0200 Directory Traversal
CVE-2024-3970 7.5 - High - May 15, 2024

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.

SSRF

Cross site scripting vulnerability in iManager prior to 3.1 SP2.
CVE-2018-17949 6.1 - Medium - December 12, 2018

Cross site scripting vulnerability in iManager prior to 3.1 SP2.

XSS