CVE-2024-3485 - OpenCVE

Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-05-15T16:45:25.287Z

Updated: 2024-08-01T20:12:07.715Z

Reserved: 2024-04-08T19:19:54.508Z

Link: CVE-2024-3485

Vulnrichment

Updated: 2024-08-01T20:12:07.715Z

NVD

Status : Awaiting Analysis

Published: 2024-05-15T17:15:13.543

Modified: 2024-05-15T18:35:11.453

Link: CVE-2024-3485

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3485", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-04-08T19:19:54.508Z", "datePublished": "2024-05-15T16:45:25.287Z", "dateUpdated": "2024-08-01T20:12:07.715Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows", "Linux"], "product": "iManager", "vendor": "OpenText", "versions": [{"lessThanOrEqual": "3.2.6.0300", "status": "affected", "version": "3.0.0", "versionType": "rpm, exe"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Blaine Herro (Yahoo! Inc. VRT)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<strong>Server Side Request Forgery vulnerability </strong><strong>has been discovered in OpenText\u2122 </strong><strong>iManager 3.2.6.0200</strong><strong>. This\ncould lead to senstive information disclosure.</strong>"}], "value": "Server Side Request Forgery vulnerability\u00a0has been discovered in OpenText\u2122 iManager 3.2.6.0200. This\ncould lead to senstive information disclosure."}], "impacts": [{"capecId": "CAPEC-300", "descriptions": [{"lang": "en", "value": "CAPEC-300 Port Scanning"}]}, {"capecId": "CAPEC-497", "descriptions": [{"lang": "en", "value": "CAPEC-497 File Discovery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-05-15T16:45:25.287Z"}, "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Server-Side Request Forgery vulnerability in iManager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "imanager", "cpes": ["cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.2.6.0301", "versionType": "rpm"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-15T17:20:13.033613Z", "id": "CVE-2024-3485", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:15:16.126Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.715Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.715Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3485", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-15T17:20:13.033613Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "imanager", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.6.0301", "versionType": "rpm"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-15T17:30:17.304Z"}}], "cna": {"title": "Server-Side Request Forgery vulnerability in iManager", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Blaine Herro (Yahoo! Inc. VRT)"}], "impacts": [{"capecId": "CAPEC-300", "descriptions": [{"lang": "en", "value": "CAPEC-300 Port Scanning"}]}, {"capecId": "CAPEC-497", "descriptions": [{"lang": "en", "value": "CAPEC-497 File Discovery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "iManager", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "rpm, exe", "lessThanOrEqual": "3.2.6.0300"}], "platforms": ["Windows", "Linux"], "defaultStatus": "affected"}], "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Server Side Request Forgery vulnerability\u00a0has been discovered in OpenText\u2122 iManager 3.2.6.0200. This\ncould lead to senstive information disclosure.", "supportingMedia": [{"type": "text/html", "value": "<strong>Server Side Request Forgery vulnerability </strong><strong>has been discovered in OpenText\u2122 </strong><strong>iManager 3.2.6.0200</strong><strong>. This\ncould lead to senstive information disclosure.</strong>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-05-15T16:45:25.287Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3485", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.715Z", "dateReserved": "2024-04-08T19:19:54.508Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-05-15T16:45:25.287Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}