Vulnerabilities > Microfocus > Imanager > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2023-24467 Command Injection vulnerability in Microfocus Imanager
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus CWE-77
critical
 9.8
9.8
2024-11-22 CVE-2023-24466 XXE vulnerability in Microfocus Imanager
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2024-11-22 CVE-2021-38135 Unspecified vulnerability in Microfocus Imanager
Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
 9.8
9.8
2024-11-22 CVE-2021-38117 Command Injection vulnerability in Microfocus Imanager
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
network
low complexity
microfocus CWE-77
critical
 9.8
9.8
2024-05-28 CVE-2024-3969 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2024-05-15 CVE-2024-3968 Unspecified vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
network
low complexity
microfocus
critical
 9.8
9.8
2024-05-15 CVE-2024-3967 Deserialization of Untrusted Data vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
network
low complexity
microfocus CWE-502
critical
 9.8
9.8
2024-05-15 CVE-2024-3488 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Imanager
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
network
low complexity
microfocus CWE-434
critical
 9.8
9.8
2024-05-15 CVE-2024-3487 Improper Authentication vulnerability in Microfocus Imanager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
network
low complexity
microfocus CWE-287
critical
 9.8
9.8
2024-05-15 CVE-2024-3486 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8