Main Vulnerability Database Vulnerabilities #VU13394

#VU13394 Cross-site request forgery in Micro Focus Universal Configuration Management Database Browser - CVE-2018-6496

Published: June 19, 2018

Vulnerability identifier: #VU13394

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6496

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Micro Focus Universal Configuration Management Database Browser

Software vendor:
Micro Focus

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists in Micro Focus Universal Configuration Management Database (UCMDB) Browser due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into loading a specially crafted HTML page or URL, perform CSRF attack, take actions on the target system acting as the target authenticated user and conduct java object deserialization attacks.

Remediation

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of UCMDB Browser:

https://softwaresupport.softwaregrp.com/km/KM03178826?lang=en&cc=us&hpappid=206728_SSO_PRO

External links

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180066

#VU13394 Cross-site request forgery in Micro Focus Universal Configuration Management Database Browser - CVE-2018-6496

Description

Remediation

External links

Please verify you're human