CVE-2018-6495
Summary
| CVE | CVE-2018-6495 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-23 18:29:00 UTC |
| Updated | 2023-11-07 02:59:00 UTC |
| Description | Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microfocus | Cms Server | 4.10 | All | All | All |
| Application | Microfocus | Cms Server | 4.11 | All | All | All |
| Application | Microfocus | Cms Server | 4.12 | All | All | All |
| Application | Microfocus | Cms Server | 4.13 | All | All | All |
| Application | Microfocus | Cms Server | 4.14 | All | All | All |
| Application | Microfocus | Cms Server | 4.15.1 | All | All | All |
| Application | Microfocus | Cms Server | 4.10 | All | All | All |
| Application | Microfocus | Cms Server | 4.11 | All | All | All |
| Application | Microfocus | Cms Server | 4.12 | All | All | All |
| Application | Microfocus | Cms Server | 4.13 | All | All | All |
| Application | Microfocus | Cms Server | 4.14 | All | All | All |
| Application | Microfocus | Cms Server | 4.15.1 | All | All | All |
| Application | Microfocus | Universal Cmdb | 0.20 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.21 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.22 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.30 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.31 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.32 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.33 | All | All | All |
| Application | Microfocus | Universal Cmdb | 11.0 | All | All | All |
| Application | Microfocus | Universal Cmdb | 0.20 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.21 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.22 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.30 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.31 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.32 | All | All | All |
| Application | Microfocus | Universal Cmdb | 10.33 | All | All | All |
| Application | Microfocus | Universal Cmdb | 11.0 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.10 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.11 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.12 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.13 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.14 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.15.1 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.10 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.11 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.12 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.13 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.14 | All | All | All |
| Application | Microfocus | Universal Cmdb Browser | 4.15.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MySupport - Micro Focus Software Support | CONFIRM | softwaresupport.softwaregrp.com | Vendor Advisory |
| HPE Universal Configuration Management Database Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks - SecurityTracker | www.securitytracker.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Micro Focus would like to thank Bharath Kumar Pyaneni for reporting this issue to [email protected].
There are currently no legacy QID mappings associated with this CVE.