CVE-2018-6498

{"id": "CVE-2018-6498", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@opentext.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 2.8}]}, "published": "2018-08-30T21:29:00.267", "references": [{"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632", "source": "security@opentext.com"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667", "source": "security@opentext.com"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236669", "source": "security@opentext.com"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236678", "source": "security@opentext.com"}, {"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236725", "source": "security@opentext.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution."}, {"lang": "es", "value": "Ejecuci\u00f3n remota de c\u00f3digo en los siguientes productos: Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05; Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05; Data Center Automation Containerized Suite 2017.01 hasta la versi\u00f3n 2018.05; Service Management Automation Suite 2017.11, 2018.02, 2018.05 y Network Operations Management (NOM) Suite CDF 2017.11, 2018.02 y 2018.05 permitir\u00e1 la ejecuci\u00f3n remota de c\u00f3digo."}], "lastModified": "2023-11-07T02:59:58.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:data_center_automation:2017.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8CBD371-84AA-45F2-B53C-FF2F94316FDF"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2017.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FA57EDB-69A7-439A-886A-06E844A45CFB"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2017.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7E861D6-7812-4190-A3C1-F338D544123E"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2017.09:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA11555-95A4-4086-9C67-CA4C92EA4D0A"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2017.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "008EA036-C58F-4B01-AEAD-3E8E79304A68"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2018.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34E310E2-2F0F-4942-A7CD-61616D366824"}, {"criteria": "cpe:2.3:a:microfocus:data_center_automation:2018.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1CA1EEE-301A-4DB1-ACE6-A8DC7FF101C7"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2017.11:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "EC84CBAE-0AB4-4405-8423-A221E3BABCA4"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2017.11:*:*:*:ultimate:*:*:*", "vulnerable": true, "matchCriteriaId": "28F73BBD-DA6B-42A5-BDC9-F8832E475B03"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2018.02:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "E52C4EA5-AE1E-476E-9AAF-FB8A6D34658A"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2018.02:*:*:*:ultimate:*:*:*", "vulnerable": true, "matchCriteriaId": "69087F9D-D5F1-462C-8264-13DBCF50474C"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2018.05:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "5686CFAC-0091-4B98-9654-359AC77343EA"}, {"criteria": "cpe:2.3:a:microfocus:hybrid_cloud_management:2018.05:*:*:*:ultimate:*:*:*", "vulnerable": true, "matchCriteriaId": "C7E8812B-28DC-4F66-B395-73AF00E57113"}, {"criteria": "cpe:2.3:a:microfocus:network_operations_management:2017.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21E1238-6D5F-4AA5-8FE4-B818D0DBF6C4"}, {"criteria": "cpe:2.3:a:microfocus:network_operations_management:2018.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8F1189-19DF-43EB-9B35-61720EE11357"}, {"criteria": "cpe:2.3:a:microfocus:network_operations_management:2018.05:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "DF75B30C-1E8D-462E-A30A-9C17EF0B7CE7"}, {"criteria": "cpe:2.3:a:microfocus:operations_bridge:2017.11:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "34099595-3D44-4B10-AA42-5A6DC9B82F25"}, {"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.02:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "2D4D7844-FA36-4C63-8AD6-C40F81134DBC"}, {"criteria": "cpe:2.3:a:microfocus:operations_bridge:2018.05:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "78756DED-D384-4F7F-99C3-6BC6293B1D28"}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2017.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5166B660-88F2-437B-96DA-F7E44E6AE9A3"}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DCFB2E7-D769-4365-9B99-952907563749"}, {"criteria": "cpe:2.3:a:microfocus:service_management_automation:2018.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3909E337-F1FC-45C8-A120-EEBDBFB0E4D0"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}