Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for Solutions Business Manager by Micro Focus

    CVE-2019-18947 (GCVE-0-2019-18947)

    Vulnerability from nvd – Published: 2021-02-26 03:07 – Updated: 2024-09-16 16:58
    VLAI
    Title
    information disclosure
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:21:28.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T20:19:00.000Z",
              "ID": "CVE-2019-18947",
              "STATE": "PUBLIC",
              "TITLE": "information disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18947",
        "datePublished": "2021-02-26T03:07:45.666Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:58:52.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18946 (GCVE-0-2019-18946)

    Vulnerability from nvd – Published: 2021-02-26 03:04 – Updated: 2024-09-16 17:28
    VLAI
    Title
    Session fixation
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:17:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T18:31:00.000Z",
              "ID": "CVE-2019-18946",
              "STATE": "PUBLIC",
              "TITLE": "Session fixation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-384 Session Fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18946",
        "datePublished": "2021-02-26T03:04:38.890Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:42.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18945 (GCVE-0-2019-18945)

    Vulnerability from nvd – Published: 2021-02-26 03:12 – Updated: 2024-08-05 02:02
    VLAI
    Title
    privilege escalation
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:25:58.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-18945",
              "STATE": "PUBLIC",
              "TITLE": "privilege escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18945",
        "datePublished": "2021-02-26T03:12:06.000Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18944 (GCVE-0-2019-18944)

    Vulnerability from nvd – Published: 2021-02-26 03:28 – Updated: 2024-09-16 20:21
    VLAI
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:40.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:28:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T18:03:00.000Z",
              "ID": "CVE-2019-18944",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18944",
        "datePublished": "2021-02-26T03:28:07.976Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:38.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18943 (GCVE-0-2019-18943)

    Vulnerability from nvd – Published: 2021-02-26 03:32 – Updated: 2024-09-16 19:10
    VLAI
    Title
    XML External Entity processing
    Summary
    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:32:59.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "XML External Entity processing",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T17:54:00.000Z",
              "ID": "CVE-2019-18943",
              "STATE": "PUBLIC",
              "TITLE": "XML External Entity processing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "MISC",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18943",
        "datePublished": "2021-02-26T03:32:59.312Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:10:13.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18942 (GCVE-0-2019-18942)

    Vulnerability from nvd – Published: 2021-02-26 03:30 – Updated: 2024-09-16 20:52
    VLAI
    Title
    Stored cross site scripting
    Summary
    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:30:59.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored cross site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T17:27:00.000Z",
              "ID": "CVE-2019-18942",
              "STATE": "PUBLIC",
              "TITLE": "Stored cross site scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18942",
        "datePublished": "2021-02-26T03:30:59.295Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:52:31.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3477 (GCVE-0-2019-3477)

    Vulnerability from nvd – Published: 2019-06-07 16:17 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
    Severity
    No CVSS data available.
    CWE
    • open redirect.
    Assigner
    References
    Impacted products
    Date Public
    2019-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 11.4.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "open redirect.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:53.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-3477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 11.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "open redirect."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm",
                  "refsource": "CONFIRM",
                  "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3477",
        "datePublished": "2019-06-07T16:17:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18943 (GCVE-0-2019-18943)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:32 – Updated: 2024-09-16 19:10
    VLAI
    Title
    XML External Entity processing
    Summary
    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:32:59.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "XML External Entity processing",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T17:54:00.000Z",
              "ID": "CVE-2019-18943",
              "STATE": "PUBLIC",
              "TITLE": "XML External Entity processing"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "MISC",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18943",
        "datePublished": "2021-02-26T03:32:59.312Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:10:13.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18942 (GCVE-0-2019-18942)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:30 – Updated: 2024-09-16 20:52
    VLAI
    Title
    Stored cross site scripting
    Summary
    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.850Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:30:59.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored cross site scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T17:27:00.000Z",
              "ID": "CVE-2019-18942",
              "STATE": "PUBLIC",
              "TITLE": "Stored cross site scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18942",
        "datePublished": "2021-02-26T03:30:59.295Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:52:31.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18944 (GCVE-0-2019-18944)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:28 – Updated: 2024-09-16 20:21
    VLAI
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:40.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:28:07.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T18:03:00.000Z",
              "ID": "CVE-2019-18944",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18944",
        "datePublished": "2021-02-26T03:28:07.976Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:21:38.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18945 (GCVE-0-2019-18945)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:12 – Updated: 2024-08-05 02:02
    VLAI
    Title
    privilege escalation
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.887Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:25:58.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "privilege escalation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-18945",
              "STATE": "PUBLIC",
              "TITLE": "privilege escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18945",
        "datePublished": "2021-02-26T03:12:06.000Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T02:02:39.887Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18947 (GCVE-0-2019-18947)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:07 – Updated: 2024-09-16 16:58
    VLAI
    Title
    information disclosure
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.962Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:21:28.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "information disclosure",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T20:19:00.000Z",
              "ID": "CVE-2019-18947",
              "STATE": "PUBLIC",
              "TITLE": "information disclosure"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18947",
        "datePublished": "2021-02-26T03:07:45.666Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:58:52.188Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-18946 (GCVE-0-2019-18946)

    Vulnerability from cvelistv5 – Published: 2021-02-26 03:04 – Updated: 2024-09-16 17:28
    VLAI
    Title
    Session fixation
    Summary
    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2019-11-21 00:00
    Credits
    Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:02:39.860Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.7.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
            }
          ],
          "datePublic": "2019-11-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-384",
                  "description": "CWE-384 Session Fixation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-26T03:17:24.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade SBM to 11.7.1 or later"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Session fixation",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "DATE_PUBLIC": "2019-11-21T18:31:00.000Z",
              "ID": "CVE-2019-18946",
              "STATE": "PUBLIC",
              "TITLE": "Session fixation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 11.7.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-384 Session Fixation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
                  "refsource": "CONFIRM",
                  "url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Upgrade SBM to 11.7.1 or later"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-18946",
        "datePublished": "2021-02-26T03:04:38.890Z",
        "dateReserved": "2019-11-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:28:42.698Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3477 (GCVE-0-2019-3477)

    Vulnerability from cvelistv5 – Published: 2019-06-07 16:17 – Updated: 2024-08-04 19:12
    VLAI
    Summary
    Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
    Severity
    No CVSS data available.
    CWE
    • open redirect.
    Assigner
    References
    Impacted products
    Date Public
    2019-02-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Solutions Business Manager",
              "vendor": "Micro Focus",
              "versions": [
                {
                  "status": "affected",
                  "version": "prior to 11.4.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "open redirect.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-06T16:15:53.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@microfocus.com",
              "ID": "CVE-2019-3477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Solutions Business Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "prior to 11.4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Micro Focus"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "open redirect."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm",
                  "refsource": "CONFIRM",
                  "url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2019-3477",
        "datePublished": "2019-06-07T16:17:00.000Z",
        "dateReserved": "2018-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:12:09.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }