Lucene search

MicrofocusCVELIST:CVE-2018-6493

HistoryMay 22, 2018 - 7:00 p.m.

CVE-2018-6493 MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

2018-05-2219:00:00

microfocus

www.cve.org

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

48.1%

JSON

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

CNA Affected

[
  {
    "product": "Network Operations Management Ultimate",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "2017.07, 2017.11, 2018.02"
      }
    ]
  },
  {
    "product": "Network Automation",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104131

www.securitytracker.com/id/1040900

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

48.1%

JSON

Related for CVELIST:CVE-2018-6493