CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7682
https://notcve.org/view.php?id=CVE-2018-7682
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 permite que un usuario invoque servicios SBM RESTful en los dominios. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2018-7679
https://notcve.org/view.php?id=CVE-2018-7679
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4, cuando ASP.NET está configurado con permisos de ejecución en los directorios virtuales y no valida el contenido de las imágenes de avatar de usuario, podría conducir a la ejecución remota de código. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7681
https://notcve.org/view.php?id=CVE-2018-7681
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 permite incrustar JavaScript en URL colocadas en la carpeta "Favorites". Si el usuario tiene ciertos privilegios administrativos, esta vulnerabilidad puede impactar a otros usuarios del sistema. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7683
https://notcve.org/view.php?id=CVE-2018-7683
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 podría revelar cierta información sensible en los archivos de registro del servidor. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7680
https://notcve.org/view.php?id=CVE-2018-7680
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. Micro Focus Solutions Business Manager en versiones anteriores a la 11.4 puede devolver valores de cabecera HTTP. • http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •