CVE-2018-7679
CRITICAL
Micro Focus Solutions Business Manager < 11.4 - Remote Code Execution via Unvalidated Avatar Image Upload
Title source: llm
Description
Micro Focus Solutions Business Manager versions prior to 11.4 do not validate the contents of user avatar images. When ASP.NET is configured with execute permission on the virtual directories, this could lead to remote code execution.
References (1)
Core References
Various Sources x_refsource_confirm
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm
Scores
CVSS v3
9.8
EPSS
0.0169
EPSS Percentile
82.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
microfocus/solutions_business_manager
< 11.4
Published
Jun 21, 2018
Tracked Since
Feb 18, 2026