CVE-2019-11666

2019-09-1718:52:03

microfocus

www.cve.org

AI Score

8.7

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

CNA Affected

[
  {
    "product": "Service Manager",
    "vendor": "Micro Focus",
    "versions": [
      {
        "status": "affected",
        "version": "9.30"
      },
      {
        "status": "affected",
        "version": "9.31"
      },
      {
        "status": "affected",
        "version": "9.32"
      },
      {
        "status": "affected",
        "version": "9.33"
      },
      {
        "status": "affected",
        "version": "9.34"
      },
      {
        "status": "affected",
        "version": "9.35"
      },
      {
        "status": "affected",
        "version": "9.40"
      },
      {
        "status": "affected",
        "version": "9.41"
      },
      {
        "status": "affected",
        "version": "9.50"
      },
      {
        "status": "affected",
        "version": "9.51"
      },
      {
        "status": "affected",
        "version": "9.52"
      },
      {
        "status": "affected",
        "version": "9.60"
      },
      {
        "status": "affected",
        "version": "9.61"
      },
      {
        "status": "affected",
        "version": "9.62"
      }
    ]
  }
]

References

softwaresupport.softwaregrp.com/doc/KM03518316