CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6491 – MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6491
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. Vulnerabilidad de escalado local de privilegios en Micro Focus Universal CMDB 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.00. La vulnerabilidad se podría explotar de forma remota para permitir un escalado local de privilegios. This vulnerability allows local attackers to escalate privilege on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. • http://www.securitytracker.com/id/1040680 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14352
https://notcve.org/view.php?id=CVE-2017-14352
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. Se ha identificado una vulnerabilidad de seguridad potencial en las versiones 10.10, 10.11, 10.20, 10.21, 10.22 y 10.23 de HP UCMDB Configuration Manager. Estas vulnerabilidades podrían explotarse de forma remota para permitir Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/101154 https://softwaresupport.hpe.com/km/KM02968622 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14351
https://notcve.org/view.php?id=CVE-2017-14351
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. Se ha identificado una vulnerabilidad de seguridad potencial en las versiones 10.10, 10.11, 10.20, 10.21, 10.22 y 10.23 de HP UCMDB Configuration Manager. Estas vulnerabilidades podrían explotarse de forma remota para permitir la ejecución de código. • https://softwaresupport.hpe.com/km/KM02968622 https://www.tenable.com/security/research/tra-2017-32 •
CVSS: 10.0EPSS: 30%CPEs: 7EXPL: 0CVE-2017-8947 – Hewlett Packard Enterprise Universal CMDB UploadFileOnUIServerServlet Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8947
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found. Se ha encontrado una vulnerabilidad de ejecución remota de código en HPE UCMDB v10.10, v10.11, v10.20, v10.21, v10.22, v10.30 y v10.31. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Universal CMDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within UploadFileOnUIServerServlet servlet. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • http://www.securityfocus.com/bid/98960 http://www.securitytracker.com/id/1038643 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •