CVE-2018-6488
MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
Vulnerabilidad de ejecución de código arbitrario en Micro Focus Universal CMDB 4.10, 4.11 y 4.12. Esta vulnerabilidad podría explotarse de forma remota para permitir la ejecución de código arbitrario.
*Credits:
Micro Focus would like to thank Chethan K and Sharp Rodney for reporting this issue to cyber-psrt@microfocus.com
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-01 CVE Reserved
- 2018-02-22 CVE Published
- 2024-09-17 CVE Updated
- 2024-11-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microfocus Search vendor "Microfocus" | Ucmdb Configuration Manager Search vendor "Microfocus" for product "Ucmdb Configuration Manager" | 4.10 Search vendor "Microfocus" for product "Ucmdb Configuration Manager" and version "4.10" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Ucmdb Configuration Manager Search vendor "Microfocus" for product "Ucmdb Configuration Manager" | 4.11 Search vendor "Microfocus" for product "Ucmdb Configuration Manager" and version "4.11" | - |
Affected
| ||||||
| Microfocus Search vendor "Microfocus" | Ucmdb Configuration Manager Search vendor "Microfocus" for product "Ucmdb Configuration Manager" | 4.12 Search vendor "Microfocus" for product "Ucmdb Configuration Manager" and version "4.12" | - |
Affected
| ||||||