CVE-2024-3969
CRITICAL WAF: High
CVSS 9.8
Published: 2024-05-28
CWE-611 CWE-611
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| microfocus | imanager | 3.0 - 3.2.6 |
| microfocus | imanager | 3.2.6 |
| microfocus | imanager | 3.2.6 |
| microfocus | imanager | 3.2.6 |
| microfocus | imanager | 3.2.6 |
References
- www.netiq.com (Release Notes)