MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
CVE-2018-6496

7.5HIGH

Key Information:

Vendor: Micro Focus
Status: Ucmdb Browser
Vendor: CVE Published:; 16 June 2018

🔔 Create Micro Focus Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-6496?

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Affected Version(s)

UCMDB Browser 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1

References

http://www.securityfocus.com/bid/104483

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1041139

vdb-entryx_refsource_SECTRACK

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Jun 16, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Mateusz Garncarek for reporting this issue to [email protected].