Main Vulnerability Database Vulnerabilities #VU37505

Code Injection in UCMDB Configuration Manager - CVE-2018-6488

Published: February 22, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37505

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-6488

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Micro Focus

Affected software:
UCMDB Configuration Manager

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

How to mitigate CVE-2018-6488

Install update from vendor's website.

Sources

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019

Code Injection in UCMDB Configuration Manager - CVE-2018-6488

Detailed vulnerability description

How to mitigate CVE-2018-6488

Sources

Please verify you're human