cnvd - cnvd-2018-17414

CNVD-2018-17414

Vulnerability from cnvd - Published: 2018-09-04

Title

多款Micro Focus产品代码执行漏洞

Description

Micro Focus Hybrid Cloud Management Containerized Suite等都是英国Micro Focus公司的产品。Micro Focus Hybrid Cloud Management Containerized Suite是一款混合云管理容器化套件。Operations Bridge Containerized Suite是一套容器式IT运维监控解决方案。多款Micro Focus产品中存在代码执行漏洞。远程攻击者可利用该漏洞执行代码。

Severity

高

Patch Name

多款Micro Focus产品代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632

Reference

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632

Impacted products

Name
['Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2017.11', 'Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.02', 'Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.05', 'Micro Focus Operations Bridge Containerized Suite 2017.11', 'Micro Focus Operations Bridge Containerized Suite 2018.02', 'Micro Focus Operations Bridge Containerized Suite 2018.05', 'Micro Focus Data Center Automation Containerized Suit >=2017.01，<=2018.05', 'Micro Focus Service Management Automation Suite 2017.11', 'Micro Focus Service Management Automation Suite 2018.02', 'Micro Focus Service Management Automation Suite 2018.05', 'Micro Focus Network Operations Management (NOM) Suite CDF 2017.11', 'Micro Focus Network Operations Management (NOM) Suite CDF 2018.02', 'Micro Focus Network Operations Management (NOM) Suite CDF 2018.05']

Name

['Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2017.11', 'Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.02', 'Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.05', 'Micro Focus Operations Bridge Containerized Suite 2017.11', 'Micro Focus Operations Bridge Containerized Suite 2018.02', 'Micro Focus Operations Bridge Containerized Suite 2018.05', 'Micro Focus Data Center Automation Containerized Suit >=2017.01，<=2018.05', 'Micro Focus Service Management Automation Suite 2017.11', 'Micro Focus Service Management Automation Suite 2018.02', 'Micro Focus Service Management Automation Suite 2018.05', 'Micro Focus Network Operations Management (NOM) Suite CDF 2017.11', 'Micro Focus Network Operations Management (NOM) Suite CDF 2018.02', 'Micro Focus Network Operations Management (NOM) Suite CDF 2018.05']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6498"
    }
  },
  "description": "Micro Focus Hybrid Cloud Management Containerized Suite\u7b49\u90fd\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4ea7\u54c1\u3002Micro Focus Hybrid Cloud Management Containerized Suite\u662f\u4e00\u6b3e\u6df7\u5408\u4e91\u7ba1\u7406\u5bb9\u5668\u5316\u5957\u4ef6\u3002Operations Bridge Containerized Suite\u662f\u4e00\u5957\u5bb9\u5668\u5f0fIT\u8fd0\u7ef4\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eMicro Focus\u4ea7\u54c1\u4e2d\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17414",
  "openTime": "2018-09-04",
  "patchDescription": "Micro Focus Hybrid Cloud Management Containerized Suite\u7b49\u90fd\u662f\u82f1\u56fdMicro Focus\u516c\u53f8\u7684\u4ea7\u54c1\u3002Micro Focus Hybrid Cloud Management Containerized Suite\u662f\u4e00\u6b3e\u6df7\u5408\u4e91\u7ba1\u7406\u5bb9\u5668\u5316\u5957\u4ef6\u3002Operations Bridge Containerized Suite\u662f\u4e00\u5957\u5bb9\u5668\u5f0fIT\u8fd0\u7ef4\u76d1\u63a7\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eMicro Focus\u4ea7\u54c1\u4e2d\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMicro Focus\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2017.11",
      "Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.02",
      "Micro Focus Micro Focus Hybrid Cloud Management Containerized Suite HCM2018.05",
      "Micro Focus Operations Bridge Containerized Suite 2017.11",
      "Micro Focus Operations Bridge Containerized Suite 2018.02",
      "Micro Focus Operations Bridge Containerized Suite 2018.05",
      "Micro Focus Data Center Automation Containerized Suit \u003e=2017.01\uff0c\u003c=2018.05",
      "Micro Focus Service Management Automation Suite 2017.11",
      "Micro Focus Service Management Automation Suite 2018.02",
      "Micro Focus Service Management Automation Suite 2018.05",
      "Micro Focus Network Operations Management (NOM) Suite CDF 2017.11",
      "Micro Focus Network Operations Management (NOM) Suite CDF 2018.02",
      "Micro Focus Network Operations Management (NOM) Suite CDF 2018.05"
    ]
  },
  "referenceLink": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632",
  "serverity": "\u9ad8",
  "submitTime": "2018-09-03",
  "title": "\u591a\u6b3eMicro Focus\u4ea7\u54c1\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2018-6498 (GCVE-0-2018-6498)

Vulnerability from cvelistv5 – Published: 2018-08-30 21:00 – Updated: 2024-09-17 01:11

Summary

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

CWE

Remote Code Execution

Assigner

microfocus

References

URL

Tags

	https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM
	https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM
	https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM
	https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM
	https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

Micro Focus

Network Operations Management (NOM) Suite CDF

Affected: 2017.11, 2018.02, 2018.05

Micro Focus	Service Management Automation Suite	Affected: 2017.11, 2018.02, 2018.05
Micro Focus	Data Center Automation Containerized Suite	Affected: 2017.01 until 2018.05
Micro Focus	Operations Bridge Containerized Suite	Affected: 2017.11, 2018.02, 2018.05
Micro Focus	Hybrid Cloud Management Containerized Suite	Affected: HCM2017.11, HCM2018.02, HCM2018.05

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:01:49.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Network Operations Management (NOM) Suite CDF",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.11, 2018.02, 2018.05"
            }
          ]
        },
        {
          "product": "Service Management Automation Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.11, 2018.02, 2018.05"
            }
          ]
        },
        {
          "product": "Data Center Automation Containerized Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.01 until 2018.05"
            }
          ]
        },
        {
          "product": "Operations Bridge Containerized Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.11, 2018.02, 2018.05"
            }
          ]
        },
        {
          "product": "Hybrid Cloud Management Containerized Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "HCM2017.11, HCM2018.02, HCM2018.05"
            }
          ]
        }
      ],
      "datePublic": "2018-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Remote Code Execution"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:27",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2018-08-30T17:00:00.000Z",
          "ID": "CVE-2018-6498",
          "STATE": "PUBLIC",
          "TITLE": "Micro Focus Container Deployment Foundation (CDF), Remote Code Execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Network Operations Management (NOM) Suite CDF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.11, 2018.02, 2018.05"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Service Management Automation Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.11, 2018.02, 2018.05"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Data Center Automation Containerized Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.01 until 2018.05"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Operations Bridge Containerized Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.11, 2018.02, 2018.05"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Hybrid Cloud Management Containerized Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "HCM2017.11, HCM2018.02, HCM2018.05"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Remote Code Execution"
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632"
            },
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-6498",
    "datePublished": "2018-08-30T21:00:00Z",
    "dateReserved": "2018-02-01T00:00:00",
    "dateUpdated": "2024-09-17T01:11:00.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-17414

CVE-2018-6498 (GCVE-0-2018-6498)

Tags

Sightings

Nomenclature