CVE-2024-3483 - OpenCVE

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OpenText

Published: 2024-05-15T16:44:00.950Z

Updated: 2024-05-15T16:44:00.950Z

Reserved: 2024-04-08T19:19:49.290Z

Link: CVE-2024-3483

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-05-15T17:15:12.943

Modified: 2024-05-15T18:35:11.453

Link: CVE-2024-3483

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3483", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2024-04-08T19:19:49.290Z", "datePublished": "2024-05-15T16:44:00.950Z", "dateUpdated": "2024-05-15T16:44:00.950Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows", "Linux", "64 bit"], "product": "iManager", "vendor": "OpenText", "versions": [{"lessThanOrEqual": "3.2.6.0300", "status": "affected", "version": "3.0.0", "versionType": "rpm, exe"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Blaine Herro (Yahoo! Inc. VRT)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<strong>Remote Code\nExecution </strong><strong>has been discovered in\nOpenText\u2122 </strong><strong>iManager 3.2.6.0200</strong><strong>. <strong>The vulnerability </strong><strong>can\ntrigger command injection and insecure deserialization issues.</strong>\n\n\n\n</strong>"}], "value": "Remote Code\nExecution has been discovered in\nOpenText\u2122 iManager 3.2.6.0200.\u00a0The vulnerability can\ntrigger command injection and insecure deserialization issues.\n\n"}], "impacts": [{"capecId": "CAPEC-23", "descriptions": [{"lang": "en", "value": "CAPEC-23 File Content Injection"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-05-15T16:44:00.950Z"}, "references": [{"url": "https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Remote Code Execution vulnerability in the iManager", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}