Remote Code Execution Vulnerability in Hybrid Cloud Management and Other HPE Products
CVE-2018-6499

7.1HIGH

Key Information:

Vendor

Micro Focus

Status
Network Operations Management (nom) Suite Cdf
Service Management Automation Suite
Data Center Automation Containerized Suite
Operations Bridge Containerized Suite
Vendor
CVE Published:
30 August 2018

Badges

👾 Exploit Exists

What is CVE-2018-6499?

A vulnerability allows remote code execution in various Hewlett Packard Enterprise products including the Hybrid Cloud Management Containerized Suite, Operations Bridge, and others when using outdated versions of APLS. This issue can be exploited to execute arbitrary commands on the affected systems, potentially compromising data integrity and availability.

Affected Version(s)

Data Center Automation Containerized Suite 2017.01 until 2018.05

Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05

Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05

References

https://softwaresupport.softwaregrp.com/document/-/facets...
x_refsource_CONFIRM
https://softwaresupport.softwaregrp.com/document/-/facets...
x_refsource_CONFIRM
https://softwaresupport.softwaregrp.com/document/-/facets...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.