CVE-2018-6499

HIGH

Microfocus Data Center Automation - Code Injection

Title source: rule
STIX 2.1

Description

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

References (6)

Core 6

Scores

CVSS v3 7.1
EPSS 0.0147
EPSS Percentile 81.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

Details

CWE
CWE-94
Status published
Products (22)
microfocus/data_center_automation 2017.01
microfocus/data_center_automation 2017.05
microfocus/data_center_automation 2017.08
microfocus/data_center_automation 2017.09
microfocus/data_center_automation 2017.11
microfocus/data_center_automation 2018.02
microfocus/data_center_automation 2018.05
microfocus/hybrid_cloud_management 2017.11 (2 CPE variants)
microfocus/hybrid_cloud_management 2018.02 (2 CPE variants)
microfocus/hybrid_cloud_management 2018.05 (2 CPE variants)
... and 12 more
Published Aug 30, 2018
Tracked Since Feb 18, 2026