Vulnerabilities > Microfocus > Imanager > 3.0

DATE CVE VULNERABILITY TITLE RISK
2024-05-15 CVE-2024-3488 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Imanager
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
network
low complexity
microfocus CWE-434
critical
 9.8
9.8
2024-05-15 CVE-2024-3967 Deserialization of Untrusted Data vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
network
low complexity
microfocus CWE-502
critical
 9.8
9.8
2024-05-15 CVE-2024-3968 Unspecified vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
network
low complexity
microfocus
critical
 9.8
9.8
2024-05-15 CVE-2024-3970 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Imanager
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-918
7.5
7.5
2018-12-12 CVE-2018-17949 Cross-site Scripting vulnerability in Microfocus Imanager
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
network
low complexity
microfocus CWE-79
6.1
6.1