CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-18593 – MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-18593
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information Saltos de directorio remotos y la divulgación de información privilegiada remota en UCMDB Configuration Management Service en sus versiones 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08 y 2018.11. Las vulnerabilidades podrían permitir saltos de directorio y la divulgación de información privilegiada remota. • http://www.securityfocus.com/bid/106374 https://softwaresupport.softwaregrp.com/doc/KM03309650 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6491 – MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6491
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. Vulnerabilidad de escalado local de privilegios en Micro Focus Universal CMDB 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.00. La vulnerabilidad se podría explotar de forma remota para permitir un escalado local de privilegios. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. • http://www.securitytracker.com/id/1040680 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180 •
CVSS: 10.0EPSS: 30%CPEs: 7EXPL: 0CVE-2017-8947 – Hewlett Packard Enterprise Universal CMDB UploadFileOnUIServerServlet Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8947
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE UCMDB v10.10, v10.11, v10.20, v10.21, v10.22, v10.30 y v10.31. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within UploadFileOnUIServerServlet servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/98960 http://www.securitytracker.com/id/1038643 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •