CVE-2019-11666

HIGH

Micro Focus Service Manager <9.63 - Deserialization

Title source: llm

Description

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

References (1)

[Various Sources] https://softwaresupport.softwaregrp.com/doc/KM03518316

Scores

CVSS v3 8.8

EPSS 0.0024

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

microfocus/service_manager < 9.62

Timeline

Published Sep 17, 2019

Tracked Since Feb 18, 2026