Search
Find a vulnerability
Search criteria
8 vulnerabilities found for ucmdb_configuration_manager by hp
CVE-2018-18593 (GCVE-0-2018-18593)
Vulnerability from nvd – Published: 2018-12-31 15:00 – Updated: 2024-09-16 18:09
VLAI
EPSS
VEX
Title
MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities
Summary
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information
Severity
6.5 (Medium)
CWE
- Remote Directory Traversal and Remote Disclosure of Privileged Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106374 | vdb-entryx_refsource_BID |
| https://softwaresupport.softwaregrp.com/doc/KM03309650 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | UCMDB Configuration Management Service |
Affected:
10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11
|
Date Public
2018-12-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UCMDB Configuration Management Service",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Directory Traversal and Remote Disclosure of Privileged Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:02.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "106374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-31T13:16:00.000Z",
"ID": "CVE-2018-18593",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB Configuration Management Service",
"version": {
"version_data": [
{
"version_value": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106374"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03309650",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-18593",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8947 (GCVE-0-2017-8947)
Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:32
VLAI
EPSS
VEX
Summary
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98960 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038643 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | UCMDB |
Affected:
v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31
|
Date Public
2017-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UCMDB",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31"
}
]
}
],
"datePublic": "2017-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "98960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-06-08T00:00:00",
"ID": "CVE-2017-8947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB",
"version": {
"version_data": [
{
"version_value": "v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98960"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-8947",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:32:58.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14352 (GCVE-0-2017-14352)
Vulnerability from nvd – Published: 2017-09-29 19:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.hpe.com/km/KM02968622 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101154 | vdb-entryx_refsource_BID |
Date Public
2017-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:39.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-14352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.hpe.com/km/KM02968622",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14352",
"datePublished": "2017-09-29T19:00:00.000Z",
"dateReserved": "2017-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:39.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14351 (GCVE-0-2017-14351)
Vulnerability from nvd – Published: 2017-09-29 19:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.hpe.com/km/KM02968622 | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-32 | x_refsource_MISC |
Date Public
2017-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:39.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-14351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.hpe.com/km/KM02968622",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-32",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14351",
"datePublished": "2017-09-29T19:00:00.000Z",
"dateReserved": "2017-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:39.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18593 (GCVE-0-2018-18593)
Vulnerability from cvelistv5 – Published: 2018-12-31 15:00 – Updated: 2024-09-16 18:09
VLAI
EPSS
VEX
Title
MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities
Summary
Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information
Severity
6.5 (Medium)
CWE
- Remote Directory Traversal and Remote Disclosure of Privileged Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106374 | vdb-entryx_refsource_BID |
| https://softwaresupport.softwaregrp.com/doc/KM03309650 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus | UCMDB Configuration Management Service |
Affected:
10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11
|
Date Public
2018-12-31 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:15:59.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UCMDB Configuration Management Service",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"exploits": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Directory Traversal and Remote Disclosure of Privileged Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:02.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "106374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-12-31T13:16:00.000Z",
"ID": "CVE-2018-18593",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB Configuration Management Service",
"version": {
"version_data": [
{
"version_value": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
},
"exploit": [
{
"lang": "en",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106374"
},
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03309650",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-18593",
"datePublished": "2018-12-31T15:00:00.000Z",
"dateReserved": "2018-10-23T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:18.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8947 (GCVE-0-2017-8947)
Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-16 17:32
VLAI
EPSS
VEX
Summary
A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.
Severity
No CVSS data available.
CWE
- Remote Code Execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/98960 | vdb-entryx_refsource_BID |
| https://support.hpe.com/hpsc/doc/public/display?d… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1038643 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hewlett Packard Enterprise | UCMDB |
Affected:
v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31
|
Date Public
2017-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UCMDB",
"vendor": "Hewlett Packard Enterprise",
"versions": [
{
"status": "affected",
"version": "v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31"
}
]
}
],
"datePublic": "2017-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-16T15:57:01.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"name": "98960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-06-08T00:00:00",
"ID": "CVE-2017-8947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UCMDB",
"version": {
"version_data": [
{
"version_value": "v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98960"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03758en_us"
},
{
"name": "1038643",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2017-8947",
"datePublished": "2018-02-15T22:00:00.000Z",
"dateReserved": "2017-05-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:32:58.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14352 (GCVE-0-2017-14352)
Vulnerability from cvelistv5 – Published: 2017-09-29 19:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.hpe.com/km/KM02968622 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101154 | vdb-entryx_refsource_BID |
Date Public
2017-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:39.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:55.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-14352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.hpe.com/km/KM02968622",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "101154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14352",
"datePublished": "2017-09-29T19:00:00.000Z",
"dateReserved": "2017-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:39.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14351 (GCVE-0-2017-14351)
Vulnerability from cvelistv5 – Published: 2017-09-29 19:00 – Updated: 2024-08-05 19:27
VLAI
EPSS
VEX
Summary
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.hpe.com/km/KM02968622 | x_refsource_CONFIRM |
| https://www.tenable.com/security/research/tra-2017-32 | x_refsource_MISC |
Date Public
2017-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:39.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-14351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.hpe.com/km/KM02968622",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02968622"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-32",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-14351",
"datePublished": "2017-09-29T19:00:00.000Z",
"dateReserved": "2017-09-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:27:39.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}