MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities
CVE-2018-6493

8.7HIGH

Key Information:

Vendor: Micro Focus
Status: Network Operations Management Ultimate; Network Automation
Vendor: CVE Published:; 9 May 2018

🔔 Create Micro Focus Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-6493?

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

Affected Version(s)

Network Automation 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50

Network Operations Management Ultimate 2017.07, 2017.11, 2018.02

References

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040900

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/104131

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
May 9, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to [email protected].