CVE-2018-6497 HIGH

CVE-2018-6497: MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF

Vendor Micro Focus

Product Universal CMDB Server

Published June 15, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

Key dates

Disclosure timeline

June 15, 2018 CVE published

August 5, 2024 Record updated

Identifiers

CVE CVE-2018-6497

CVSS 7.5 / HIGH

Affected versions

Vendor Micro Focus

Product Universal CMDB Server

Affected DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0

Vendor Micro Focus

Product CMS Server

Affected 2018.05 BACKGROUND