CVE-2020-11854 – Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
https://notcve.org/view.php?id=CVE-2020-11854
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. • http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html https://softwaresupport.softwaregrp.com/doc/KM03747657 https://softwaresupport.softwaregrp.com/doc/KM03747658 https://softwaresupport.softwaregrp.com/doc/KM03747854 https://www.zerodayinitiative.com/advisories/ZDI-20-1287 • CWE-798: Use of Hard-coded Credentials •
CVE-2018-6495 – MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-6495
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). Cross-Site Scripting (XSS) en Micro Focus Universal CMDB, versiones 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.0; CMS, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1 y Micro Focus UCMDB Browser, versiones 4.10, 4.11, 4.12, 4.13, 4.14 y 4.15.1. La vulnerabilidad se podría explotar de forma remota para permitir que se produzca Cross-Site Scripting (XSS). • http://www.securitytracker.com/id/1040970 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-6487 – MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information
https://notcve.org/view.php?id=CVE-2018-6487
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. Divulgación remota de información en Micro Focus Universal CMDB Foundation Software, versiones 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. La vulnerabilidad se podría explotar de forma remota para permitir la divulgación de información. • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03091097 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •