CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6497 – MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
https://notcve.org/view.php?id=CVE-2018-6497
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). Se ha identificado potencial para Cross-Site Request Forgery (CSRF) remoto en UCMBD Server, en sus versiones DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 y CMS Server versión 2018.05 BACKGROUND, que podría permitir la deserialización remota no segura y Cross-Site Request Forgery (CSRF). • http://www.securitytracker.com/id/1041140 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180069 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6496 – MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
https://notcve.org/view.php?id=CVE-2018-6496
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). Se ha identificado potencial para Cross-Site Request Forgery (CSRF) remoto en UCMBD Browser, en sus versiones 4.10, 4.11, 4.12, 4.13, 4.14, 4.15 y 4.15.1 que podría permitir la deserialización remota no segura y Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/104483 http://www.securitytracker.com/id/1041139 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180066 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-502: Deserialization of Untrusted Data •
CVSS: 6.3EPSS: 0%CPEs: 20EXPL: 0CVE-2018-6495 – MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-6495
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) en Micro Focus Universal CMDB, versiones 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.0; CMS, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1 y Micro Focus UCMDB Browser, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1. La vulnerabilidad se podría explotar de forma remota para permitir que se produzca Cross-Site Scripting (XSS). • http://www.securitytracker.com/id/1040970 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7687 – Client for OES Elevation of Privilege via Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-7687
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. Micro Focus Client for OES, en versiones anteriores a la 2 SP4 IR8a, tiene una vulnerabilidad que podría permitir que un atacante local eleve sus privilegios mediante un desbordamiento de búfer en ncfsd.sys. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Micro Focus Client for Open Enterprise Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x143CFB. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. • https://bugzilla.novell.com/show_bug.cgi?id=1093607 https://www.novell.com/support/kb/doc.php?id=7022983 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6494 – MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-6494
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php o /admin/website.php. • http://www.securityfocus.com/bid/104141 http://www.securitytracker.com/id/1040902 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •