Vulnerabilities > Microfocus > Imanager > 3.0

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2023-24466 Unspecified vulnerability in Microfocus Imanager
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus
critical
 9.8
9.8
2024-11-22 CVE-2023-24467 Unspecified vulnerability in Microfocus Imanager
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
 9.8
9.8
2024-11-06 CVE-2020-11859 Cross-site Scripting vulnerability in Microfocus Imanager
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
network
low complexity
microfocus CWE-79
5.4
5.4
2024-05-28 CVE-2024-3969 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2024-05-28 CVE-2024-4429 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Imanager
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-352
7.4
7.4
2024-05-15 CVE-2024-3483 Deserialization of Untrusted Data vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
network
low complexity
microfocus CWE-502
critical
 9.8
9.8
2024-05-15 CVE-2024-3484 Path Traversal vulnerability in Microfocus Imanager
Path Traversal found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-22
critical
 9.8
9.8
2024-05-15 CVE-2024-3485 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Imanager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-918
7.5
7.5
2024-05-15 CVE-2024-3486 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2024-05-15 CVE-2024-3487 Improper Authentication vulnerability in Microfocus Imanager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
network
low complexity
microfocus CWE-287
critical
 9.8
9.8