Main Vulnerability Database Vulnerabilities #VU37505

#VU37505 Code Injection in UCMDB Configuration Manager - CVE-2018-6488

Published: February 22, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU37505

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-6488

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
UCMDB Configuration Manager

Software vendor:
Micro Focus

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

Remediation

Install update from vendor's website.

External links

https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03086019