CVE-2024-3967 HIGH

CVE-2024-3967: Remote Code Execution vulnerability in the iManager

Vendor Opentext

Product iManager

Weakness CWE-502 · Unsafe deserialization

Published May 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Adjacent

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

Key dates

02Disclosure timeline

May 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-3967 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability CVE-2024-28074 SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability CVE-2025-55232 Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability CVE-2025-39565 WordPress MelaPress Login Security plugin <= 2.1.0 - PHP Object Injection Vulnerability CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage