Assigner | OpenText |
Reserved | 2024-04-08 |
Published | 2024-05-15 |
Updated | 2024-07-23 |
Description
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Problem types
CWE-502 Deserialization of Untrusted Data
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Product status
3.0.0
Credits
Blaine Herro (Yahoo! Inc. VRT)