CVE-2024-3486

HIGH

Microfocus Imanager < 3.2.6 - XXE

Title source: rule

Description

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0305
EPSS Percentile 86.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-611
Status published

Affected Products (5)

microfocus/imanager < 3.2.6
microfocus/imanager
microfocus/imanager
microfocus/imanager
microfocus/imanager

Timeline

Published May 15, 2024
Tracked Since Feb 18, 2026