CVE-2018-6496 HIGH

CVE-2018-6496: MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Vendor Micro Focus

Product UCMDB Browser

Published June 15, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Key dates

Disclosure timeline

June 15, 2018 CVE published

August 5, 2024 Record updated