CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19641 – Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5
https://notcve.org/view.php?id=CVE-2018-19641
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. Existe un problema de ejecución remota de código no autenticado en Micro Focus Solutions Business Manager (SBM), anteriormente conocido como Serena Business Manager (SBM), en versiones anteriores a la 11.5. • http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19645 – Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5
https://notcve.org/view.php?id=CVE-2018-19645
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. Existe un problema de omisión de autenticación en Solutions Business Manager (SBM), anteriormente conocido como Serena Business Manager (SBM), en versiones anteriores a la 11.5. • http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7682
https://notcve.org/view.php?id=CVE-2018-7682
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 permite que un usuario invoque servicios SBM RESTful en los dominios. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7679
https://notcve.org/view.php?id=CVE-2018-7679
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4, cuando ASP.NET está configurado con permisos de ejecución en los directorios virtuales y no valida el contenido de las imágenes de avatar de usuario, podría conducir a la ejecución remota de código. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7681
https://notcve.org/view.php?id=CVE-2018-7681
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 permite incrustar JavaScript en URL colocadas en la carpeta "Favorites". Si el usuario tiene ciertos privilegios administrativos, esta vulnerabilidad puede impactar a otros usuarios del sistema. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •