EUVD-2018-18253

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Remote Cross-site Request forgery vulnerability found in multiple UCMBD and CMS Server versions.

Reporter	Title	Published	Views	Family All 7
CNVD	Micro Focus Universal Configuration Management Database Server Cross-Site Request Forgery Vulnerability	3 Jul 201800:00	–	cnvd
CVE	CVE-2018-6497	15 Jun 201821:00	–	cve
Cvelist	CVE-2018-6497 MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF	15 Jun 201821:00	–	cvelist
NVD	CVE-2018-6497	16 Jun 201801:29	–	nvd
OSV	CVE-2018-6497	16 Jun 201801:29	–	osv
Prion	Cross site request forgery (csrf)	16 Jun 201801:29	–	prion
Positive Technologies	PT-2018-17588 · Unknown · Cms Server +1	15 Jun 201800:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "5c7a3c0d-0280-3615-9123-c5e57d0a3c80",
        "vendor": {
          "name": "Micro Focus"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2763e69d-113e-3398-a9cc-0f0e9908b78a",
        "product": {
          "name": "CMS Server"
        },
        "product_version": "2018.05 BACKGROUND"
      },
      {
        "id": "a246f49a-b6ae-3e97-9429-47b1e0024473",
        "product": {
          "name": "Universal CMDB Server"
        },
        "product_version": "DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0"
      }
    ]
  }
]

Source	Link
softwaresupport	www.softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180069
securitytracker	www.securitytracker.com/id/1041140
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.8High risk

Vulners AI Score7.8

CVSS 37.5

CVSS 26.8

CVSS 3.18.8

EPSS0.00094