Vulnerability CVE-2019-3477


Published: 2019-06-07

Description:
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

Vendor: Microfocus
Product: Solutions business manager 
Version:
11.4.1
11.4
11.3.1
11.3
11.2
11.1
11.0.1.1
11.0.1
11.0
10.1.5.4
10.1.5.3
10.1.5.2
10.1.5.1
10.1.5
10.1.4.1
10.1.4
10.1.3.1
10.1.3

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm

Related CVE
CVE-2019-11660
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
CVE-2019-11669
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
CVE-2019-11668
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus S...
CVE-2019-11658
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to a...
CVE-2019-11654
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVE-2019-11653
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user?s CheckIn request.
CVE-2019-11647
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
CVE-2019-11649
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user...

Copyright 2019, cxsecurity.com

 

Back to Top