Search criteria
10 vulnerabilities found for Solutions Business Manager 11.4 by Micro Focus
CVE-2018-7682 (GCVE-0-2018-7682)
Vulnerability from cvelistv5 – Published: 2018-06-22 22:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
Severity ?
No CVSS data available.
CWE
- Cross-site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7682",
"datePublished": "2018-06-22T22:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T23:31:36.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7681 (GCVE-0-2018-7681)
Vulnerability from cvelistv5 – Published: 2018-06-21 19:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7681",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T02:27:04.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7683 (GCVE-0-2018-7683)
Vulnerability from cvelistv5 – Published: 2018-06-21 19:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7683",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T01:30:46.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7679 (GCVE-0-2018-7679)
Vulnerability from cvelistv5 – Published: 2018-06-21 19:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- Client-side remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager 11.4 prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Client-side remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-side remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7679",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T00:15:29.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7680 (GCVE-0-2018-7680)
Vulnerability from cvelistv5 – Published: 2018-06-21 19:00 – Updated: 2024-09-16 20:36
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7680",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T20:36:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7682 (GCVE-0-2018-7682)
Vulnerability from nvd – Published: 2018-06-22 22:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
Severity ?
No CVSS data available.
CWE
- Cross-site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7682",
"datePublished": "2018-06-22T22:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T23:31:36.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7681 (GCVE-0-2018-7681)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7681",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T02:27:04.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7683 (GCVE-0-2018-7683)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7683",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T01:30:46.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7679 (GCVE-0-2018-7679)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- Client-side remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager 11.4 prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Client-side remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-side remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7679",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T00:15:29.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7680 (GCVE-0-2018-7680)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-16 20:36
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7680",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T20:36:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}