{"containers": {"cna": {"affected": [{"product": "UCMDB Configuration Management Service", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."}], "datePublic": "2018-12-31T00:00:00", "descriptions": [{"lang": "en", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"}], "exploits": [{"lang": "en", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Remote Directory Traversal and Remote Disclosure of Privileged Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:02", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "106374", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106374"}, {"tags": ["x_refsource_MISC"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"}], "source": {"discovery": "UNKNOWN"}, "title": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2018-12-31T13:16:00.000Z", "ID": "CVE-2018-18593", "STATE": "PUBLIC", "TITLE": "MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UCMDB Configuration Management Service", "version": {"version_data": [{"version_value": "10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": [{"lang": "eng", "value": "Micro Focus would like to thank Bahadir Pektas and Emre Ilbeyoglu for reporting this issue to security@microfocus.com."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"}]}, "exploit": [{"lang": "en", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information"}]}]}, "references": {"reference_data": [{"name": "106374", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106374"}, {"name": "https://softwaresupport.softwaregrp.com/doc/KM03309650", "refsource": "MISC", "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:15:59.681Z"}, "title": "CVE Program Container", "references": [{"name": "106374", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106374"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2018-18593", "datePublished": "2018-12-31T15:00:00Z", "dateReserved": "2018-10-23T00:00:00", "dateUpdated": "2024-09-16T18:09:18.629Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "00348879-766F-4CBA-9761-AE4E258CA7EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup1:*:*:*:*:*:*", "matchCriteriaId": "346A18A2-540C-4F17-BF34-1E5EEEC07D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup2:*:*:*:*:*:*", "matchCriteriaId": "83128A67-03F8-4B35-8F06-7F2E4B249E80", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup3:*:*:*:*:*:*", "matchCriteriaId": "D845A099-B07F-418B-AF1A-31CB55177D10", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup4:*:*:*:*:*:*", "matchCriteriaId": "FDEA9704-D957-430B-A385-DABE05105D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup5:*:*:*:*:*:*", "matchCriteriaId": "299EB23B-E31C-4F60-94DD-42601C5712C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup6:*:*:*:*:*:*", "matchCriteriaId": "850CDC6A-1F0F-4C8B-9EAA-8B761E1B125C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.22:cup7:*:*:*:*:*:*", "matchCriteriaId": "A5F13FCA-3A25-4723-86B4-5FE45891C284", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:*:*:*:*:*:*:*", "matchCriteriaId": "4F603D53-4D81-436F-BFC7-70702780B9C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup1:*:*:*:*:*:*", "matchCriteriaId": "CB8CB58E-0A63-4A3C-8159-35CA933E03E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup2:*:*:*:*:*:*", "matchCriteriaId": "A5AB8C9C-E85E-4EFB-B6A1-811154FC152F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:10.33:cup3:*:*:*:*:*:*", "matchCriteriaId": "D94222DA-E445-444E-BCAE-248EBAA43478", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.02:*:*:*:*:*:*:*", "matchCriteriaId": "EB4457B8-AC0A-4156-BCCF-193D51FF0823", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.05:*:*:*:*:*:*:*", "matchCriteriaId": "D61129A2-97E1-4F37-B0C7-0A623FF1EF98", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.08:*:*:*:*:*:*:*", "matchCriteriaId": "09094DD7-FC42-4CD0-82D0-64225257363C", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:ucmdb_configuration_manager:2018.11:*:*:*:*:*:*:*", "matchCriteriaId": "0514279C-C46F-4ED5-9058-490E3FEE1B1F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11. The vulnerabilities could allow Remote Directory Traversal and Remote Disclosure of Privileged Information"}, {"lang": "es", "value": "Saltos de directorio remotos y la divulgaci\u00f3n de informaci\u00f3n privilegiada remota en UCMDB Configuration Management Service en sus versiones 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08 y 2018.11. Las vulnerabilidades podr\u00edan permitir saltos de directorio y la divulgaci\u00f3n de informaci\u00f3n privilegiada remota."}], "id": "CVE-2018-18593", "lastModified": "2024-11-21T03:56:13.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-31T15:29:00.287", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/106374"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/106374"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.softwaregrp.com/doc/KM03309650"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}