CVE-2018-6497 – MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
https://notcve.org/view.php?id=CVE-2018-6497
Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMDB Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
• http://www.securitytracker.com/id/1041140
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180069
• CWE-352: Cross-Site Request Forgery (CSRF)
• CWE-502: Deserialization of Untrusted Data
CVE-2018-6495 – MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-6495
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, versions 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, versions 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
• http://www.securitytracker.com/id/1040970
• https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')