CVE-2018-6491 – MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6491
Local escalation of privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to allow local escalation of privilege. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. • http://www.securitytracker.com/id/1040680 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180 •
CVE-2018-7675 – Potential Information Disclosure in Sentinel
https://notcve.org/view.php?id=CVE-2018-7675
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel, the user does not log out but goes idle for a period of time. This causes the interface to time out, so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. • https://www.netiq.com/support/kb/doc.php?id=7022706 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-9285 – Login restrictions not applied when using ebaclient against NetIQ eDirectory EBA interface
https://notcve.org/view.php?id=CVE-2017-9285
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. • https://bugzilla.suse.com/show_bug.cgi?id=1029077 https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html https://www.novell.com/support/kb/doc.php?id=7016794 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVE-2017-7429 – Fix for NetIQ shell code upload
https://notcve.org/view.php?id=CVE-2017-7429
The certificate upload in the NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code, which could be used by authenticated attackers to execute JSP applets on the iManager server. • https://bugzilla.suse.com/show_bug.cgi?id=1024957 https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html https://www.novell.com/support/kb/doc.php?id=3426981 • CWE-295: Improper Certificate Validation CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-6489
https://notcve.org/view.php?id=CVE-2018-6489
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE). • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 • CWE-611: Improper Restriction of XML External Entity Reference •