OpenText iManager 3.2.6 RCE via unsafe Java Deserialization
CVE-2024-3967 Published on May 15, 2024

Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2024-3967 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2024-3967

Want to know whenever a new CVE is published for Micro Focus Imanager? stack.watch will email you.

Micro Focus Imanager

Affected Versions

OpenText iManager:

Version 3.0.0, <= 3.2.6.0300 is affected.

opentext imanager:

Version 3.2.6.0200 is affected.

Exploit Probability

EPSS

1.18%

Percentile

78.47%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

OpenText iManager 3.2.6 RCE via unsafe Java DeserializationCVE-2024-3967 Published on May 15, 2024

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2024-3967

Affected Versions

Exploit Probability

OpenText iManager 3.2.6 RCE via unsafe Java Deserialization
CVE-2024-3967 Published on May 15, 2024