Search
Find a vulnerability
Search criteria
2 vulnerabilities found for real_user_monitoring by microfocus
CVE-2018-18589 (GCVE-0-2018-18589)
Vulnerability from nvd – Published: 2018-10-23 17:00 – Updated: 2024-09-16 19:05
VLAI
EPSS
VEX
Title
MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability
Summary
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
Severity
6.3 (Medium)
CWE
- Remote Arbitrary Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/document/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Microfocus Real User Monitoring |
Affected:
9.26IP, 9.30, 9.40, 9.50
|
Date Public
2018-10-19 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microfocus Real User Monitoring",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.26IP, 9.30, 9.40, 9.50"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus\u0027 Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Arbitrary Code Execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-10-19T15:30:00.000Z",
"ID": "CVE-2018-18589",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microfocus Real User Monitoring",
"version": {
"version_data": [
{
"version_value": "9.26IP, 9.30, 9.40, 9.50"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus\u0027 Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Arbitrary Code Execution"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-18589",
"datePublished": "2018-10-23T17:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:05:44.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18589 (GCVE-0-2018-18589)
Vulnerability from cvelistv5 – Published: 2018-10-23 17:00 – Updated: 2024-09-16 19:05
VLAI
EPSS
VEX
Title
MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability
Summary
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
Severity
6.3 (Medium)
CWE
- Remote Arbitrary Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/document/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | Microfocus Real User Monitoring |
Affected:
9.26IP, 9.30, 9.40, 9.50
|
Date Public
2018-10-19 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microfocus Real User Monitoring",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.26IP, 9.30, 9.40, 9.50"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."
}
],
"datePublic": "2018-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus\u0027 Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Arbitrary Code Execution"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-10-19T15:30:00.000Z",
"ID": "CVE-2018-18589",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microfocus Real User Monitoring",
"version": {
"version_data": [
{
"version_value": "9.26IP, 9.30, 9.40, 9.50"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus\u0027 Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Arbitrary Code Execution"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-18589",
"datePublished": "2018-10-23T17:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:05:44.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}