{ "id": "CVE-2018-18593", "sourceIdentifier": "security@opentext.com", "published": "2018-12-31T15:29:00.287", "lastModified": "2023-11-07T02:55:20.310", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information" }, { "lang": "es", "value": "Saltos de directorio remotos y la divulgaci\u00f3n de informaci\u00f3n privilegiada remota en UCMDB Configuration Management Service en sus versiones 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08 y 2018.11. Las vulnerabilidades podr\u00edan permitir saltos de directorio y la divulgaci\u00f3n de informaci\u00f3n privilegiada remota." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "f81092c5-7f14-476d-80dc-24857f90be84", "type": "Secondary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.2, "impactScore": 5.2 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "00348879-766F-4CBA-9761-AE4E258CA7EB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup1:*:*:*:*:*:*", "matchCriteriaId": "346A18A2-540C-4F17-BF34-1E5EEEC07D14" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup2:*:*:*:*:*:*", "matchCriteriaId": "83128A67-03F8-4B35-8F06-7F2E4B249E80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup3:*:*:*:*:*:*", "matchCriteriaId": "D845A099-B07F-418B-AF1A-31CB55177D10" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup4:*:*:*:*:*:*", "matchCriteriaId": "FDEA9704-D957-430B-A385-DABE05105D7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup5:*:*:*:*:*:*", "matchCriteriaId": "299EB23B-E31C-4F60-94DD-42601C5712C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup6:*:*:*:*:*:*", "matchCriteriaId": "850CDC6A-1F0F-4C8B-9EAA-8B761E1B125C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup7:*:*:*:*:*:*", "matchCriteriaId": "A5F13FCA-3A25-4723-86B4-5FE45891C284" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:*:*:*:*:*:*:*", "matchCriteriaId": "4F603D53-4D81-436F-BFC7-70702780B9C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup1:*:*:*:*:*:*", "matchCriteriaId": "CB8CB58E-0A63-4A3C-8159-35CA933E03E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup2:*:*:*:*:*:*", "matchCriteriaId": "A5AB8C9C-E85E-4EFB-B6A1-811154FC152F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup3:*:*:*:*:*:*", "matchCriteriaId": "D94222DA-E445-444E-BCAE-248EBAA43478" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.02:*:*:*:*:*:*:*", "matchCriteriaId": "EB4457B8-AC0A-4156-BCCF-193D51FF0823" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.05:*:*:*:*:*:*:*", "matchCriteriaId": "D61129A2-97E1-4F37-B0C7-0A623FF1EF98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.08:*:*:*:*:*:*:*", "matchCriteriaId": "09094DD7-FC42-4CD0-82D0-64225257363C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.11:*:*:*:*:*:*:*", "matchCriteriaId": "0514279C-C46F-4ED5-9058-490E3FEE1B1F" } ] } ] } ], "references": [ { "url": "http://www.securityfocus.com/bid/106374", "source": "security@opentext.com" }, { "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650", "source": "security@opentext.com" } ] }