CVE-2018-18589

MEDIUM

Microfocus Real User Monitoring - Insecure Deserialization

Title source: rule

Description

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.

References (1)

[Various Sources] https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900

Scores

CVSS v3 6.3

EPSS 0.0146

EPSS Percentile 80.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502

Status published

Affected Products (4)

microfocus/real_user_monitoring

Timeline

Published Oct 23, 2018

Tracked Since Feb 18, 2026