MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
CVE-2018-6497

7.5HIGH

Key Information:

Vendor: Micro Focus
Status: Universal Cmdb Server; Cms Server
Vendor: CVE Published:; 16 June 2018

🔔 Create Micro Focus Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2018-6497?

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Affected Version(s)

CMS Server 2018.05 BACKGROUND

Universal CMDB Server DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0

References

https://softwaresupport.softwaregrp.com/document/-/facets...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041140

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Jun 16, 2018
Vulnerability Reserved
Feb 1, 2018

Credit

Micro Focus would like to thank Mateusz Garncarek for reporting this issue to [email protected].