cvelistv5 - CVE-2018-6488

CVE-2018-6488 (GCVE-0-2018-6488)

Vulnerability from cvelistv5 – Published: 2018-02-22 22:00 – Updated: 2024-09-17 04:20

Title

MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance

Summary

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

Severity ?

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Arbitrary Code Execution

Assigner

microfocus

References

URL

Tags

https://softwaresupport.softwaregrp.com/document/…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Micro Focus	Micro Focus Universal CMDB	Affected: 4.10, 4.11, 4.12

Credits

Micro Focus would like to thank Chethan K and Sharp Rodney for reporting this issue to cyber-psrt@microfocus.com

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Micro Focus Universal CMDB",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "4.10, 4.11, 4.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Micro Focus would like to thank Chethan K and Sharp Rodney for reporting this issue to cyber-psrt@microfocus.com"
        }
      ],
      "datePublic": "2018-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Arbitrary Code Execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:24",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2018-02-21T22:00:00.000Z",
          "ID": "CVE-2018-6488",
          "STATE": "PUBLIC",
          "TITLE": "MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Micro Focus Universal CMDB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "4.10, 4.11, 4.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Micro Focus would like to thank Chethan K and Sharp Rodney for reporting this issue to cyber-psrt@microfocus.com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Arbitrary Code Execution"
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-6488",
    "datePublished": "2018-02-22T22:00:00Z",
    "dateReserved": "2018-02-01T00:00:00",
    "dateUpdated": "2024-09-17T04:20:29.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E8A64AA-32D3-452D-A542-523B6ADED9BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A63423-AF90-48EE-AE9D-5852F38E9AF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB77A231-AE2A-4266-A345-1D248F72E33C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo arbitrario en Micro Focus Universal CMDB 4.10, 4.11 y 4.12. Esta vulnerabilidad podr\\u00eda explotarse de forma remota para permitir la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2018-6488",
      "lastModified": "2024-11-21T04:10:45.653",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-02-22T22:29:00.270",
      "references": "[{\"url\": \"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019\", \"source\": \"security@opentext.com\"}, {\"url\": \"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@opentext.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-6488\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-02-22T22:29:00.270\",\"lastModified\":\"2024-11-21T04:10:45.653\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en Micro Focus Universal CMDB 4.10, 4.11 y 4.12. Esta vulnerabilidad podr\u00eda explotarse de forma remota para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E8A64AA-32D3-452D-A542-523B6ADED9BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A63423-AF90-48EE-AE9D-5852F38E9AF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB77A231-AE2A-4266-A345-1D248F72E33C\"}]}]}],\"references\":[{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2018-6488

Vulnerability from fkie_nvd - Published: 2018-02-22 22:29 - Updated: 2024-11-21 04:10

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

References

	URL	Tags
	security@opentext.com	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019
	af854a3a-2127-422b-91ae-364da2661108	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019

Impacted products

Vendor	Product	Version
microfocus	ucmdb_configuration_manager	4.10
microfocus	ucmdb_configuration_manager	4.11
microfocus	ucmdb_configuration_manager	4.12

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8A64AA-32D3-452D-A542-523B6ADED9BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "39A63423-AF90-48EE-AE9D-5852F38E9AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB77A231-AE2A-4266-A345-1D248F72E33C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en Micro Focus Universal CMDB 4.10, 4.11 y 4.12. Esta vulnerabilidad podr\u00eda explotarse de forma remota para permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2018-6488",
  "lastModified": "2024-11-21T04:10:45.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-22T22:29:00.270",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CHFM-FW34-93F8

Vulnerability from github – Published: 2022-05-13 01:32 – Updated: 2022-05-13 01:32

Details

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-6488"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-22T22:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.",
  "id": "GHSA-chfm-fw34-93f8",
  "modified": "2022-05-13T01:32:01Z",
  "published": "2022-05-13T01:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6488"
    },
    {
      "type": "WEB",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-6488

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

Aliases

CVE-2018-6488

Aliases

CVE-2018-6488

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-6488",
    "description": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.",
    "id": "GSD-2018-6488"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-6488"
      ],
      "details": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.",
      "id": "GSD-2018-6488",
      "modified": "2023-12-13T01:22:35.662285Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2018-02-21T22:00:00.000Z",
        "ID": "CVE-2018-6488",
        "STATE": "PUBLIC",
        "TITLE": "MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Micro Focus Universal CMDB",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "4.10, 4.11, 4.12"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Micro Focus"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Micro Focus would like to thank Chethan K and Sharp Rodney for reporting this issue to cyber-psrt@microfocus.com"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Arbitrary Code Execution"
        }
      ],
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Arbitrary Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019",
            "refsource": "CONFIRM",
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:4.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2018-6488"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:41Z",
      "publishedDate": "2018-02-22T22:29Z"
    }
  }
}

CNVD-2018-05579

Vulnerability from cnvd - Published: 2018-03-19

Title

Micro Focus Universal CMDB任意代码执行漏洞

Description

Micro Focus Universal CMDB是英国Micro Focus公司的一套资源管理解决方案。该方案提供自底向上包括IT基础架构的自动发现、数据模型建立、服务映射定义和服务影响分析等功能。Configuration Manager是其中的一个配置管理器。 Micro Focus Universal CMDB 4.10版本、4.11版本和4.12版本中存在任意代码执行漏洞。远程攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Micro Focus Universal CMDB任意代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019

Reference

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019

Impacted products

Name
['Micro Focus Universal CMDB 4.10', 'Micro Focus Universal CMDB 4.11', 'Micro Focus Universal CMDB 4.12']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6488"
    }
  },
  "description": "Micro Focus Universal CMDB\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u5957\u8d44\u6e90\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u81ea\u5e95\u5411\u4e0a\u5305\u62ecIT\u57fa\u7840\u67b6\u6784\u7684\u81ea\u52a8\u53d1\u73b0\u3001\u6570\u636e\u6a21\u578b\u5efa\u7acb\u3001\u670d\u52a1\u6620\u5c04\u5b9a\u4e49\u548c\u670d\u52a1\u5f71\u54cd\u5206\u6790\u7b49\u529f\u80fd\u3002Configuration Manager\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u914d\u7f6e\u7ba1\u7406\u5668\u3002\r\n\r\nMicro Focus Universal CMDB 4.10\u7248\u672c\u30014.11\u7248\u672c\u548c4.12\u7248\u672c\u4e2d\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05579",
  "openTime": "2018-03-19",
  "patchDescription": "Micro Focus Universal CMDB\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4e00\u5957\u8d44\u6e90\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u63d0\u4f9b\u81ea\u5e95\u5411\u4e0a\u5305\u62ecIT\u57fa\u7840\u67b6\u6784\u7684\u81ea\u52a8\u53d1\u73b0\u3001\u6570\u636e\u6a21\u578b\u5efa\u7acb\u3001\u670d\u52a1\u6620\u5c04\u5b9a\u4e49\u548c\u670d\u52a1\u5f71\u54cd\u5206\u6790\u7b49\u529f\u80fd\u3002Configuration Manager\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u914d\u7f6e\u7ba1\u7406\u5668\u3002\r\n\r\nMicro Focus Universal CMDB 4.10\u7248\u672c\u30014.11\u7248\u672c\u548c4.12\u7248\u672c\u4e2d\u5b58\u5728\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Micro Focus Universal CMDB\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Micro Focus Universal CMDB 4.10",
      "Micro Focus Universal CMDB 4.11",
      "Micro Focus Universal CMDB 4.12"
    ]
  },
  "referenceLink": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-26",
  "title": "Micro Focus Universal CMDB\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-6488 (GCVE-0-2018-6488)

FKIE_CVE-2018-6488

GHSA-CHFM-FW34-93F8

GSD-2018-6488

CNVD-2018-05579

Tags

Sightings

Nomenclature