cvelist/2018/6xxx/CVE-2018-6495.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@microfocus.com",
      "DATE_PUBLIC" : "2018-05-23T15:14:00.000Z",
      "ID" : "CVE-2018-6495",
      "STATE" : "PUBLIC",
      "TITLE" : "MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "UCMDB",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0"
                              }
                           ]
                        }
                     },
                     {
                        "product_name" : "CMS Server 2018.05",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
                              }
                           ]
                        }
                     },
                     {
                        "product_name" : "UCMDB Browser",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Micro Focus"
            }
         ]
      }
   },
   "credit" : [
      {
         "lang" : "eng",
         "value" : "Micro Focus would like to thank Bharath Kumar Pyaneni for reporting this issue to cyber-psrt@microfocus.com."
      }
   ],
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."
         }
      ]
   },
   "exploit" : [
      {
         "lang" : "eng",
         "value" : "Cross-Site Scripting (XSS)"
      }
   ],
   "impact" : {
      "cvss" : {
         "attackComplexity" : "LOW",
         "attackVector" : "NETWORK",
         "availabilityImpact" : "NONE",
         "baseScore" : 6.3,
         "baseSeverity" : "MEDIUM",
         "confidentialityImpact" : "LOW",
         "integrityImpact" : "HIGH",
         "privilegesRequired" : "LOW",
         "scope" : "UNCHANGED",
         "userInteraction" : "REQUIRED",
         "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
         "version" : "3.0"
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Cross-Site Scripting (XSS)"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778",
            "refsource" : "CONFIRM",
            "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778"
         },
         {
            "name" : "1040970",
            "refsource" : "SECTRACK",
            "url" : "http://www.securitytracker.com/id/1040970"
         }
      ]
   },
   "source" : {
      "discovery" : "UNKNOWN"
   }
}
- Synchronized data. 2018-02-01 10:02:39 -05:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "security@microfocus.com",`
			`"DATE_PUBLIC" : "2018-05-23T15:14:00.000Z",`
			`"ID" : "CVE-2018-6495",`
			`"STATE" : "PUBLIC",`
			`"TITLE" : "MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting"`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"product" : {`
			`"product_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"product_name" : "UCMDB",`
			`"version" : {`
			`"version_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"version_value" : "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`}`
			`},`
			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"product_name" : "CMS Server 2018.05",`
			`"version" : {`
			`"version_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`}`
			`},`
			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"product_name" : "UCMDB Browser",`
			`"version" : {`
			`"version_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"version_value" : "4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"vendor_name" : "Micro Focus"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`}`
			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"credit" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"lang" : "eng",`
			`"value" : "Micro Focus would like to thank Bharath Kumar Pyaneni for reporting this issue to cyber-psrt@microfocus.com."`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`],`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"lang" : "eng",`
			`"value" : "Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"exploit" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"lang" : "eng",`
			`"value" : "Cross-Site Scripting (XSS)"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`],`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"impact" : {`
			`"cvss" : {`
			`"attackComplexity" : "LOW",`
			`"attackVector" : "NETWORK",`
			`"availabilityImpact" : "NONE",`
			`"baseScore" : 6.3,`
			`"baseSeverity" : "MEDIUM",`
			`"confidentialityImpact" : "LOW",`
			`"integrityImpact" : "HIGH",`
			`"privilegesRequired" : "LOW",`
			`"scope" : "UNCHANGED",`
			`"userInteraction" : "REQUIRED",`
			`"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",`
			`"version" : "3.0"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"problemtype" : {`
			`"problemtype_data" : [`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"description" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"lang" : "eng",`
			`"value" : "Cross-Site Scripting (XSS)"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`}`
			`]`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"references" : {`
			`"reference_data" : [`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`{`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778",`
			`"refsource" : "CONFIRM",`
			`"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03164778"`
- Synchronized data. 2018-05-25 06:03:34 -04:00			`},`
			`{`
			`"name" : "1040970",`
			`"refsource" : "SECTRACK",`
			`"url" : "http://www.securitytracker.com/id/1040970"`
Adding CVE-2018-6495 2018-05-23 10:16:11 -07:00			`}`
			`]`
			`},`
- Synchronized data. 2018-05-23 14:07:27 -04:00			`"source" : {`
			`"discovery" : "UNKNOWN"`
- Synchronized data. 2018-02-01 10:02:39 -05:00			`}`
			`}`