CVE-2018-6496
HIGHMicro Focus Universal CMDB Browser 4.10-4.15.1 - Unsafe Deserialization and Cross-Site Request Forgery
Title source: llmDescription
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104483
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041139
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03180066
Scores
CVSS v3
8.8
EPSS
0.0011
EPSS Percentile
28.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
CWE-352
Status
published
Products (1)
microfocus/universal_cmbd_browser
4.10 - 4.15.1
Published
Jun 16, 2018
Tracked Since
Feb 18, 2026