Main Vulnerability Database Vulnerabilities #VU13394

Cross-site request forgery in Micro Focus Universal Configuration Management Database Browser - CVE-2018-6496

Published: June 19, 2018

Vulnerability identifier: #VU13394

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6496

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Micro Focus

Affected software:
Micro Focus Universal Configuration Management Database Browser

Detailed vulnerability description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists in Micro Focus Universal Configuration Management Database (UCMDB) Browser due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into loading a specially crafted HTML page or URL, perform CSRF attack, take actions on the target system acting as the target authenticated user and conduct java object deserialization attacks.

How to mitigate CVE-2018-6496

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of UCMDB Browser:

https://softwaresupport.softwaregrp.com/km/KM03178826?lang=en&cc=us&hpappid=206728_SSO_PRO

Sources

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180066

Cross-site request forgery in Micro Focus Universal Configuration Management Database Browser - CVE-2018-6496

Detailed vulnerability description

How to mitigate CVE-2018-6496

Sources

Please verify you're human