CVE-2024-3969

HIGH

OpenText iManager <3.2.6.0200 - SSRF

Title source: llm

Description

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

References (1)

Scores

CVSS v3 7.8
EPSS 0.0155
EPSS Percentile 81.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-611
Status published

Affected Products (5)

microfocus/imanager < 3.2.6
microfocus/imanager
microfocus/imanager
microfocus/imanager
microfocus/imanager

Timeline

Published May 28, 2024
Tracked Since Feb 18, 2026