CVE-2018-7679
Summary
| CVE | CVE-2018-7679 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-21 19:29:00 UTC |
| Updated | 2023-11-07 03:01:00 UTC |
| Description | Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microfocus | Solutions Business Manager | All | All | All | All |
| Application | Micro Focus | Solutions Business Manager | All | All | All | All |
| Application | Micro Focus | Solutions Business Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SBM 11.4 Release Notes | CONFIRM | help.serena.com | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.