Description
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/doc/KM03489552
Various Sources x_refsource_misc
https://ashsecurity.wordpress.com/2019/07/09/cm-cve/
Scores
CVSS v3
5.4
EPSS
0.0013
EPSS Percentile
31.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
Status
published
Products (3)
microfocus/content_manager
9.1.0 patch6_hotfix1 (5 CPE variants)
microfocus/content_manager
9.2.0 patch3_hotfix1
microfocus/content_manager
9.3.0 patch2_hotfix1 (2 CPE variants)
Published
Aug 07, 2019
Tracked Since
Feb 18, 2026