- Added submission from Micro Focus for KM03309650 from 2018-12-31.

2025-06-08 22:18:26 +00:00 · 2018-12-31 09:38:31 -05:00 · 2018-12-31 09:38:31 -05:00 · cdf86abcc0
commit cdf86abcc0
parent 10110f154d
1 changed files with 79 additions and 3 deletions
--- a/2018/18xxx/CVE-2018-18593.json
+++ b/2018/18xxx/CVE-2018-18593.json
@ -1,9 +1,40 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@microfocus.com",
      "DATE_PUBLIC" : "2018-12-31T13:16:00.000Z",
      "ID" : "CVE-2018-18593",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC",
      "TITLE" : "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "UCMDB Configuration Management Service",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Micro Focus"
            }
         ]
      }
   },
   "credit" : [
      {
         "lang" : "eng",
         "value" : "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."
      }
   ],
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
@ -11,8 +42,53 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : " Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11.\nThe vulnerabilities could allow  Remote Directory Traversal and Remote Disclosure of Privileged Information"
         }
      ]
   },
   "exploit" : [
      {
         "lang" : "eng",
         "value" : " Remote Directory Traversal and Remote Disclosure of Privileged Information"
      }
   ],
   "impact" : {
      "cvss" : {
         "attackComplexity" : "LOW",
         "attackVector" : "NETWORK",
         "availabilityImpact" : "NONE",
         "baseScore" : 6.5,
         "baseSeverity" : "MEDIUM",
         "confidentialityImpact" : "HIGH",
         "integrityImpact" : "HIGH",
         "privilegesRequired" : "HIGH",
         "scope" : "UNCHANGED",
         "userInteraction" : "NONE",
         "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
         "version" : "3.0"
      }
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : " Remote Directory Traversal and Remote Disclosure of Privileged Information"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "refsource" : "CONFIRM",
            "url" : "https://softwaresupport.softwaregrp.com/doc/KM03309650"
         }
      ]
   },
   "source" : {
      "discovery" : "UNKNOWN"
   }
 }