CVE-2018-6493
Summary
| CVE | CVE-2018-6493 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-22 19:29:00 UTC |
| Updated | 2023-11-07 02:59:00 UTC |
| Description | SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Network Automation | 10.00 | All | All | All |
| Application | Hp | Network Automation | 10.10 | All | All | All |
| Application | Hp | Network Automation | 10.11 | All | All | All |
| Application | Hp | Network Automation | 10.20 | All | All | All |
| Application | Hp | Network Automation | 10.30 | All | All | All |
| Application | Hp | Network Automation | 10.40 | All | All | All |
| Application | Hp | Network Automation | 10.50 | All | All | All |
| Application | Hp | Network Automation | 10.00 | All | All | All |
| Application | Hp | Network Automation | 10.10 | All | All | All |
| Application | Hp | Network Automation | 10.11 | All | All | All |
| Application | Hp | Network Automation | 10.20 | All | All | All |
| Application | Hp | Network Automation | 10.30 | All | All | All |
| Application | Hp | Network Automation | 10.40 | All | All | All |
| Application | Hp | Network Automation | 10.50 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2017.07 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2017.11 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2018.02 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2017.07 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2017.11 | All | All | All |
| Application | Hp | Network Operations Management Ultimate | 2018.02 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| HP Network Automation and Network Operations Management Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities - , network automation - other - Micro Focus Software Support | softwaresupport.softwaregrp.com | ||
| HPE Network Automation Input Validation Flaws Let Remote Authenticated Users Conduct SQL Injection Attacks and Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker | www.securitytracker.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to [email protected].
There are currently no legacy QID mappings associated with this CVE.