Cross-Domain Invoke Vulnerability in Micro Focus Solutions Business Manager
CVE-2018-7682

6.5MEDIUM

Key Information:

Vendor: Micro Focus
Status: Solutions Business Manager 11.4
Vendor: CVE Published:; 22 June 2018

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2018-7682?

The vulnerability in Micro Focus Solutions Business Manager versions prior to 11.4 enables unauthorized users to invoke SBM RESTful services from other domains, potentially leading to unauthorized access and data exposure. This issue highlights the need for proper domain validation in service requests to safeguard sensitive information and ensure secure operations.

Affected Version(s)

Solutions Business Manager 11.4 Solutions Business Manager versions prior to 11.4

References

http://help.serena.com/doc_center/sbm/ver11_4/sbm_release...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2018
Vulnerability Reserved
Mar 5, 2018