CVE-2018-6498 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microfocus	Data Center Automation	2017.01
Microfocus	Hybrid Cloud Management	2017.11
Microfocus	Network Operations Management	2017.11
Microfocus	Operations Bridge	2017.11
Microfocus	Service Management Automation	2017.11

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2018-6498?

CVE-2018-6498 is a vulnerability with a CVSS score of 8.8 (HIGH). Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Ce...

How severe is CVE-2018-6498?

CVE-2018-6498 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6498?

Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Data Center Automation, Microfocus Hybrid Cloud Management, Microfocus Network Operations Management, Microfocus Operations Bridge, Microfocus Service Management Automation.