CVE-2018-7679

2018-06-2000:00:00

microfocus

www.cve.org

9.8 High

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

CNA Affected

[
  {
    "product": "Solutions Business Manager 11.4",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "Solutions Business Manager 11.4 prior to 11.4"
      }
    ]
  }
]

References

help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm