CVE-2018-6499 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2018-6499?

CVE-2018-6499 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-6499?

Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Data Center Automation, Microfocus Hybrid Cloud Management, Microfocus Network Operations Management, Microfocus Operations Bridge, Microfocus Service Management Automation.

Vulnerability Description

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microfocus	Data Center Automation	2017.01
Microfocus	Hybrid Cloud Management	2017.11
Microfocus	Network Operations Management	2017.11
Microfocus	Operations Bridge	2017.11
Microfocus	Service Management Automation	2017.11
Microfocus	Network Virtualization	12.50
Microfocus	Service Virtualization	1.00
Microfocus	Unified Functional Testing	12.50
Microfocus	Autopass License Server	< 10.7.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2018-6499?

CVE-2018-6499 is a vulnerability with a CVSS score of 7.1 (HIGH). Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Ce...

How severe is CVE-2018-6499?

CVE-2018-6499 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6499?

Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Data Center Automation, Microfocus Hybrid Cloud Management, Microfocus Network Operations Management, Microfocus Operations Bridge, Microfocus Service Management Automation.