
microfocus imanager

46 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-24467
>= 3.0 and < 3.2.6
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
8.8 HIGH
CVE-2023-24466
>= 3.0 and < 3.2.6
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
7.5 HIGH
CVE-2022-26324
all versions
Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.
7.6 HIGH
CVE-2021-38135
>= 3.0 and <= 3.2.5
Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
8.6 HIGH
CVE-2021-38134
>= 3.0 and < 3.2.6
Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.
6.1 MEDIUM
CVE-2021-38119
>= 3.0 and < 3.2.5
Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
6.1 MEDIUM
CVE-2021-38118
>= 3.0 and < 3.2.5
Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
5.5 MEDIUM
CVE-2021-38117
>= 3.0 and < 3.2.5
Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
8.8 HIGH
CVE-2021-38116
< 3.2.5
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions
8.8 HIGH
CVE-2020-11859
< 3.2.3
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager befor
7.6 HIGH
CVE-2024-4429
>= 3.0 and < 3.2.6
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive inf
5.4 MEDIUM
CVE-2024-3969
>= 3.0 and < 3.2.6
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by
7.8 HIGH
CVE-2024-3970
>= 3.0 and < 3.2.6
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive inf
5.3 MEDIUM
CVE-2024-3968
>= 3.0 and < 3.2.6
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution
7.8 HIGH
CVE-2024-3967
>= 3.0 and < 3.2.6
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution
7.6 HIGH
CVE-2024-3488
>= 3.0 and < 3.2.6
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant
5.6 MEDIUM
CVE-2024-3487
>= 3.0 and < 3.2.6
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manip
3.5 LOW
CVE-2024-3486
>= 3.0 and < 3.2.6
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure a
7.8 HIGH
CVE-2024-3485
>= 3.0 and < 3.2.6
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive inf
5.3 MEDIUM
CVE-2024-3484
>= 3.0 and < 3.2.6
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
5.7 MEDIUM
CVE-2024-3483
>= 3.0 and <= 3.2.6
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and
7.8 HIGH
CVE-2022-38758
< 3.2.6
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on
7.2 HIGH
CVE-2018-17949
< 3.1.2
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
6.1 MEDIUM
CVE-2018-12462
all versions
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
4.8 MEDIUM
CVE-2018-1347
< 3.1
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting.
5.3 MEDIUM
CVE-2018-1345
< 3.1
NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.
5.9 MEDIUM
CVE-2018-1344
< 3.1
Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1
3.1 LOW
CVE-2017-5189
all versions
NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing
4.3 MEDIUM
CVE-2017-7425
<= 2.7.7
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.
7.6 HIGH
CVE-2017-7432
all versions
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability.
9.8 CRITICAL
CVE-2017-7431
all versions
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
8.8 HIGH
CVE-2017-7430
all versions
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Fra
6.1 MEDIUM
CVE-2017-7428
all versions
NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.
5.3 MEDIUM
CVE-2017-5186
<= 2.7
Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2
7.5 HIGH
CVE-2013-3268
<= 2.7
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote att
CVE-2013-1088
<= 2.7
Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the au
CVE-2011-4188
<= 2.7.4
Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated us
CVE-2010-1930
all versions
Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash)
CVE-2010-1929
all versions
Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the To
CVE-2009-4486
<= 2.7.2
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary
CVE-2008-3488
all versions
Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) allows remote attackers to delete Plug-in Studio created Prope
CVE-2006-4517
<= 2.5
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE pa
CVE-2005-1730
<= 2.0.2
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial
CVE-2004-0112
all versions
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the
CVE-2004-0081
all versions
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of ser
CVE-2004-0079
all versions
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin