CVE-2018-6492
MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.
Cross-Site Scripting (XSS) persistente e inyección HTML no persistente en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y en Network Automation, versiones 10.00, 10.10, 10.11, 10.20, 10.30, 10.40 y 10.50. La vulnerabilidad podría explotarse remotamente para permitir Cross-Site Scripting (XSS) persistente y una inyección HTML no persistente.
*Credits:
Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-01 CVE Reserved
- 2018-05-10 CVE Published
- 2024-01-09 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/104131 | Vdb Entry | |
| http://www.securitytracker.com/id/1040900 | Vdb Entry | |
| https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hp Search vendor "Hp" | Network Operations Management Ultimate Search vendor "Hp" for product "Network Operations Management Ultimate" | 2017.07 Search vendor "Hp" for product "Network Operations Management Ultimate" and version "2017.07" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Operations Management Ultimate Search vendor "Hp" for product "Network Operations Management Ultimate" | 2017.11 Search vendor "Hp" for product "Network Operations Management Ultimate" and version "2017.11" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Operations Management Ultimate Search vendor "Hp" for product "Network Operations Management Ultimate" | 2018.02 Search vendor "Hp" for product "Network Operations Management Ultimate" and version "2018.02" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.00 Search vendor "Hp" for product "Network Automation" and version "10.00" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.10 Search vendor "Hp" for product "Network Automation" and version "10.10" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.11 Search vendor "Hp" for product "Network Automation" and version "10.11" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.20 Search vendor "Hp" for product "Network Automation" and version "10.20" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.30 Search vendor "Hp" for product "Network Automation" and version "10.30" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.40 Search vendor "Hp" for product "Network Automation" and version "10.40" | - |
Affected
| ||||||
| Hp Search vendor "Hp" | Network Automation Search vendor "Hp" for product "Network Automation" | 10.50 Search vendor "Hp" for product "Network Automation" and version "10.50" | - |
Affected
| ||||||