7.4

CVE-2024-4429

Cross Site Request Forgery vulnerability in iManager

Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This
could lead to sensitive information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrofocusImanager Version >= 3.0 < 3.2.6
MicrofocusImanager Version3.2.6 Update-
MicrofocusImanager Version3.2.6 Updatepatch1
MicrofocusImanager Version3.2.6 Updatepatch2
MicrofocusImanager Version3.2.6 Updatepatch3
MicrofocusImanager Version3.2.6 Updatepatch3_hotfix1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.4 2.8 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
security@opentext.com 5.4 1 4
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://www.netiq.com/documentation/imanager-32/imanager326_patch3_hf1_releasenotes/data/imanager326_patch3_hf1_releasenotes.html
Release Notes