CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.6%
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Vendor | Product | Version | CPE |
---|---|---|---|
microfocus | data_center_automation | 2017.01 | cpe:2.3:a:microfocus:data_center_automation:2017.01:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2017.05 | cpe:2.3:a:microfocus:data_center_automation:2017.05:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2017.08 | cpe:2.3:a:microfocus:data_center_automation:2017.08:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2017.09 | cpe:2.3:a:microfocus:data_center_automation:2017.09:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2017.11 | cpe:2.3:a:microfocus:data_center_automation:2017.11:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2018.02 | cpe:2.3:a:microfocus:data_center_automation:2018.02:*:*:*:*:*:*:* |
microfocus | data_center_automation | 2018.05 | cpe:2.3:a:microfocus:data_center_automation:2018.05:*:*:*:*:*:*:* |
microfocus | hybrid_cloud_management | 2017.11 | cpe:2.3:a:microfocus:hybrid_cloud_management:2017.11:*:*:*:premium:*:*:* |
microfocus | hybrid_cloud_management | 2017.11 | cpe:2.3:a:microfocus:hybrid_cloud_management:2017.11:*:*:*:ultimate:*:*:* |
microfocus | hybrid_cloud_management | 2018.02 | cpe:2.3:a:microfocus:hybrid_cloud_management:2018.02:*:*:*:premium:*:*:* |
[
{
"product": "Network Operations Management (NOM) Suite CDF",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "2017.11, 2018.02, 2018.05"
}
]
},
{
"product": "Service Management Automation Suite",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "2017.11, 2018.02, 2018.05"
}
]
},
{
"product": "Data Center Automation Containerized Suite",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "2017.01 until 2018.05"
}
]
},
{
"product": "Operations Bridge Containerized Suite",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "2017.11, 2018.02, 2018.05"
}
]
},
{
"product": "Hybrid Cloud Management Containerized Suite",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "HCM2017.11, HCM2018.02, HCM2018.05"
}
]
},
{
"product": "Network Virtualization (NV) with floating licenses",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "using Any version using APLS older than 10.7"
}
]
},
{
"product": "Unified Functional Testing (UFT) with floating licenses",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "using Any version using APLS older than 10.7"
}
]
},
{
"product": "Service Virtualization (SV) with floating licenses",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "using Any version using APLS older than 10.7"
}
]
}
]
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632?lang=en&cc=us&hpappid=206728_SSO_PRO
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236648
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236722
softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236726
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.6%