{ "CVE_data_meta": { "ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2018-05-09T19:01:00.000Z", "ID": "CVE-2018-6492", "STATE": "PUBLIC", "TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Network Operations Management Ultimate", "version": { "version_data": [ { "version_value": "2017.07, 2017.11, 2018.02" } ] } }, { "product_name": "Network Automation", "version": { "version_data": [ { "version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50" } ] } } ] }, "vendor_name": "Micro Focus" } ] } }, "credit": [ { "lang": "eng", "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent cross-site scripting, and non-persistent HTML Injection." } ] }, "exploit": [ { "lang": "eng", "value": "Remote Cross-Site Scripting (XSS)" } ], "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Cross-Site Scripting (XSS)" } ] }, { "description": [ { "lang": "eng", "value": "non-persistent HTML Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014" }, { "name": "1040900", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040900" }, { "name": "104131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104131" } ] }, "source": { "discovery": "UNKNOWN" } }