OpenCVE

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: OpenText

Published: 2024-05-15T16:39:39.515Z

Updated: 2024-08-01T20:26:57.240Z

Reserved: 2024-04-18T19:37:45.598Z

Link: CVE-2024-3968

Vulnrichment

Updated: 2024-08-01T20:26:57.240Z

NVD

Status : Awaiting Analysis

Published: 2024-05-15T17:15:14.910

Modified: 2024-11-21T09:30:47.843

Link: CVE-2024-3968

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3968", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-04-18T19:37:45.598Z", "datePublished": "2024-05-15T16:39:39.515Z", "dateUpdated": "2024-08-01T20:26:57.240Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows", "Linux", "64 bit"], "product": "iManager", "vendor": "OpenText", "versions": [{"lessThanOrEqual": "3.2.6.0300", "status": "affected", "version": "3.0.0", "versionType": "rpm, exe"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Blaine Herro (Yahoo! Inc. VRT)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<strong>Remote Code\nExecution </strong><strong>has been discovered in\nOpenText\u2122 </strong><strong>iManager 3.2.6.0200</strong><strong>. <strong>The vulnerability </strong><strong>can\ntrigger remote code execution using custom file upload task.</strong></strong>"}], "value": "Remote Code\nExecution has been discovered in\nOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability can\ntrigger remote code execution using custom file upload task."}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-05-15T16:39:39.515Z"}, "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Remote Code Execution vulnerability in the iManager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T16:02:28.487584Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "imanager", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:30:57.193Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.240Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:26:57.240Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T16:02:28.487584Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "imanager", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T16:03:03.713Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Remote Code Execution vulnerability in the iManager", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Blaine Herro (Yahoo! Inc. VRT)"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText", "product": "iManager", "versions": [{"status": "affected", "version": "3.0.0", "versionType": "rpm, exe", "lessThanOrEqual": "3.2.6.0300"}], "platforms": ["Windows", "Linux", "64 bit"], "defaultStatus": "affected"}], "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Remote Code\nExecution has been discovered in\nOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability can\ntrigger remote code execution using custom file upload task.", "supportingMedia": [{"type": "text/html", "value": "<strong>Remote Code\nExecution </strong><strong>has been discovered in\nOpenText\u2122 </strong><strong>iManager 3.2.6.0200</strong><strong>. <strong>The vulnerability </strong><strong>can\ntrigger remote code execution using custom file upload task.</strong></strong>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-05-15T16:39:39.515Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3968", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:26:57.240Z", "dateReserved": "2024-04-18T19:37:45.598Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-05-15T16:39:39.515Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}