Lucene search

MicrofocusCVELIST:CVE-2018-6492

HistoryMay 09, 2018 - 12:00 a.m.

CVE-2018-6492 MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

2018-05-0900:00:00

microfocus

www.cve.org

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection.

CNA Affected

[
  {
    "product": "Network Operations Management Ultimate",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "2017.07, 2017.11, 2018.02"
      }
    ]
  },
  {
    "product": "Network Automation",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104131

www.securitytracker.com/id/1040900

softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for CVELIST:CVE-2018-6492