Insecure Deserialization Vulnerability in Micro Focus Service Manager
CVE-2019-11666

8.8 HIGH

Key Information:

Vendor
CVE Published: 17 September 2019

What is CVE-2019-11666?

Several versions of Micro Focus Service Manager are susceptible to insecure deserialization of untrusted data. Malicious actors could potentially exploit this flaw to manipulate the application's data handling, leading to unauthorized access or other harmful effects. The vulnerability affects multiple versions from 9.30 to 9.62, which highlights the importance of updating and securing Service Manager installations.

Affected Version(s)

Service Manager 9.30

Service Manager 9.31

Service Manager 9.32

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
