cvelist/2018/18xxx/CVE-2018-18589.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@suse.com",
        "DATE_PUBLIC": "2018-10-19T15:30:00.000Z",
        "ID": "CVE-2018-18589",
        "STATE": "PUBLIC",
        "TITLE": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Microfocus Real User Monitoring",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "9.26IP, 9.30, 9.40, 9.50"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Micro Focus"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "Remote Arbitrary Code Execution"
        }
    ],
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Remote Arbitrary Code Execution"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900",
                "refsource": "CONFIRM",
                "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"
            }
        ]
    },
    "source": {
        "discovery": "UNKNOWN"
    }
}