Vulnerability-Lookup

CVE-2018-18590 (GCVE-0-2018-18590)

Vulnerability from cvelistv5 – Published: 2018-11-07 16:00 – Updated: 2024-09-17 01:15

Title

MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution

Summary

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.

Severity

9.6 (Critical)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Remote Code Execution
Remote Disclosure of Information

Assigner

microfocus

References

1 reference

URL	Tags
https://softwaresupport.softwaregrp.com/document/…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
Micro Focus	Operation Bridge Containerized Suite	Affected: 2017.11, 2018.02, 2018.05, 2018.08

Date Public

2018-11-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:15:59.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Operation Bridge Containerized Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.11, 2018.02, 2018.05, 2018.08"
            }
          ]
        }
      ],
      "datePublic": "2018-11-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Remote Code Execution"
        },
        {
          "lang": "en",
          "value": "Remote Information Disclosure"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Remote Disclosure of Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:27.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "DATE_PUBLIC": "2018-11-07T14:30:00.000Z",
          "ID": "CVE-2018-18590",
          "STATE": "PUBLIC",
          "TITLE": "MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Operation Bridge Containerized Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017.11, 2018.02, 2018.05, 2018.08"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Micro Focus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "Remote Code Execution"
          },
          {
            "lang": "en",
            "value": "Remote Information Disclosure"
          }
        ],
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Disclosure of Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416",
              "refsource": "CONFIRM",
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2018-18590",
    "datePublished": "2018-11-07T16:00:00.000Z",
    "dateReserved": "2018-10-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T01:15:29.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-18590",
      "date": "2026-06-30",
      "epss": "0.01025",
      "percentile": "0.59237"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-18590\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2018-11-07T16:29:00.517\",\"lastModified\":\"2024-11-21T03:56:13.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo y divulgaci\u00f3n de informaci\u00f3n en Micro Focus Operations Bridge, en la suite \\\"containerized\\\", en versiones 2017.11, 2018.02, 2018.05 y 2018.08. Esta vulnerabilidad podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"34099595-3D44-4B10-AA42-5A6DC9B82F25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"2D4D7844-FA36-4C63-8AD6-C40F81134DBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:premium:*:*:*\",\"matchCriteriaId\":\"78756DED-D384-4F7F-99C3-6BC6293B1D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C945B57-F9CB-4282-9D0E-F552B8AD1AC2\"}]}]}],\"references\":[{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2018-22759

Vulnerability from cnvd - Published: 2018-11-08

Title

Micro Focus Operation Bridge Containerized Suite远程代码执行漏洞

Description

Micro Focus Operation Bridge Containerized Suite是Micro Focus公司产品。 Micro Focus Operation Bridge Containerized Suite存在远程代码执行漏洞，该漏洞可能被利用进行远程代码执行和信息泄露。

Severity

高

Patch Name

Micro Focus Operation Bridge Containerized Suite远程代码执行漏洞的补丁

Patch Description

Micro Focus Operation Bridge Containerized Suite是Micro Focus公司产品。 Micro Focus Operation Bridge Containerized Suite存在远程代码执行漏洞，该漏洞可能被利用进行远程代码执行和信息泄露。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416

Reference

https://seclists.org/bugtraq/2018/Nov/9

Impacted products

Name
Micro Focus Operations Bridge containerized suite >=2017.11，<=2018.08

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-18590"
    }
  },
  "description": "Micro Focus Operation Bridge Containerized Suite\u662fMicro Focus\u516c\u53f8\u4ea7\u54c1\u3002\n\nMicro Focus Operation Bridge Containerized Suite\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u88ab\u5229\u7528\u8fdb\u884c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u548c\u4fe1\u606f\u6cc4\u9732\u3002",
  "discovererName": "Micro Focus, Product Security Response Team",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22759",
  "openTime": "2018-11-08",
  "patchDescription": "Micro Focus Operation Bridge Containerized Suite\u662fMicro Focus\u516c\u53f8\u4ea7\u54c1\u3002\r\n\r\nMicro Focus Operation Bridge Containerized Suite\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u53ef\u80fd\u88ab\u5229\u7528\u8fdb\u884c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u548c\u4fe1\u606f\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Micro Focus Operation Bridge Containerized Suite\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Micro Focus Operations Bridge containerized suite \u003e=2017.11\uff0c\u003c=2018.08"
  },
  "referenceLink": "https://seclists.org/bugtraq/2018/Nov/9",
  "serverity": "\u9ad8",
  "submitTime": "2018-11-08",
  "title": "Micro Focus Operation Bridge Containerized Suite\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2018-18590

Vulnerability from fkie_nvd - Published: 2018-11-07 16:29 - Updated: 2026-06-17 01:47

Severity

9.6 (Critical) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@opentext.com	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416
	af854a3a-2127-422b-91ae-364da2661108	https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416

Impacted products

Vendor	Product	Version
microfocus	operations_bridge	2017.11
microfocus	operations_bridge	2018.02
microfocus	operations_bridge	2018.05
microfocus	operations_bridge	2018.08

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Operation Bridge Containerized Suite",
          "vendor": "Micro Focus",
          "versions": [
            {
              "status": "affected",
              "version": "2017.11, 2018.02, 2018.05, 2018.08"
            }
          ]
        }
      ],
      "source": "security@opentext.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:premium:*:*:*",
              "matchCriteriaId": "34099595-3D44-4B10-AA42-5A6DC9B82F25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:premium:*:*:*",
              "matchCriteriaId": "2D4D7844-FA36-4C63-8AD6-C40F81134DBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:premium:*:*:*",
              "matchCriteriaId": "78756DED-D384-4F7F-99C3-6BC6293B1D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C945B57-F9CB-4282-9D0E-F552B8AD1AC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo y divulgaci\u00f3n de informaci\u00f3n en Micro Focus Operations Bridge, en la suite \"containerized\", en versiones 2017.11, 2018.02, 2018.05 y 2018.08. Esta vulnerabilidad podr\u00eda permitir la divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
  "id": "CVE-2018-18590",
  "lastModified": "2026-06-17T01:47:33.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "security@opentext.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-11-07T16:29:00.517",
  "references": [
    {
      "source": "security@opentext.com",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
    }
  ],
  "sourceIdentifier": "security@opentext.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-38M3-4JXP-WF6G

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33

Details

Severity

8.8 (High)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-18590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-07T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.",
  "id": "GHSA-38m3-4jxp-wf6g",
  "modified": "2022-05-13T01:33:42Z",
  "published": "2022-05-13T01:33:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-18590"
    },
    {
      "type": "WEB",
      "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-18590

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-18590

Aliases

CVE-2018-18590

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-18590",
    "description": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.",
    "id": "GSD-2018-18590"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-18590"
      ],
      "details": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.",
      "id": "GSD-2018-18590",
      "modified": "2023-12-13T01:22:36.565641Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@microfocus.com",
        "DATE_PUBLIC": "2018-11-07T14:30:00.000Z",
        "ID": "CVE-2018-18590",
        "STATE": "PUBLIC",
        "TITLE": "MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Operation Bridge Containerized Suite",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2017.11, 2018.02, 2018.05, 2018.08"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Micro Focus"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Remote Code Execution"
        },
        {
          "lang": "eng",
          "value": "Remote Information Disclosure"
        }
      ],
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Disclosure of Information"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416",
            "refsource": "CONFIRM",
            "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:premium:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:premium:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:premium:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microfocus:operations_bridge:2018.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2018-18590"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03283416"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:37Z",
      "publishedDate": "2018-11-07T16:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-18590 (GCVE-0-2018-18590)

CNVD-2018-22759

FKIE_CVE-2018-18590

GHSA-38M3-4JXP-WF6G

GSD-2018-18590

Tags

Sightings

Nomenclature