Lucene search

K
cveMicrofocusCVE-2019-11653
HistoryAug 07, 2019 - 5:15 p.m.

CVE-2019-11653

2019-08-0717:15:12
microfocus
web.nvd.nist.gov
39
cve-2019-11653
micro focus content manager
remote access control bypass
nvd
vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

37.0%

Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.

Affected configurations

Nvd
Node
microfocuscontent_managerMatch9.1.0patch6_hotfix1
OR
microfocuscontent_managerMatch9.1.0patch6_hotfix2
OR
microfocuscontent_managerMatch9.1.0patch6_hotfix3
OR
microfocuscontent_managerMatch9.1.0patch6_hotfix4
OR
microfocuscontent_managerMatch9.1.0patch6_hotfix5
OR
microfocuscontent_managerMatch9.2.0patch3_hotfix1
OR
microfocuscontent_managerMatch9.3.0patch2_hotfix1
OR
microfocuscontent_managerMatch9.3.0patch2_hotfix2
VendorProductVersionCPE
microfocuscontent_manager9.1.0cpe:/a:microfocus:content_manager:9.1.0:patch6_hotfix5::
microfocuscontent_manager9.3.0cpe:/a:microfocus:content_manager:9.3.0:patch2_hotfix2::
microfocuscontent_manager9.1.0cpe:/a:microfocus:content_manager:9.1.0:patch6_hotfix4::
microfocuscontent_manager9.1.0cpe:/a:microfocus:content_manager:9.1.0:patch6_hotfix2::
microfocuscontent_manager9.2.0cpe:/a:microfocus:content_manager:9.2.0:patch3_hotfix1::
microfocuscontent_manager9.1.0cpe:/a:microfocus:content_manager:9.1.0:patch6_hotfix1::
microfocuscontent_manager9.3.0cpe:/a:microfocus:content_manager:9.3.0:patch2_hotfix1::
microfocuscontent_manager9.1.0cpe:/a:microfocus:content_manager:9.1.0:patch6_hotfix3::

CNA Affected

[
  {
    "product": "Content Manager",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "9.1"
      },
      {
        "status": "affected",
        "version": "9.2"
      },
      {
        "status": "affected",
        "version": "9.3"
      }
    ]
  }
]

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

37.0%

Related for CVE-2019-11653