Description
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
https://softwaresupport.softwaregrp.com/doc/KM03518316
Scores
CVSS v3
8.8
EPSS
0.0024
EPSS Percentile
47.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
microfocus/service_manager
9.30 - 9.62
Published
Sep 17, 2019
Tracked Since
Feb 18, 2026