CVE-2017-14361 - OpenCVE

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Project And Portfolio Management

Configuration 1 [-]

cpe:2.3:a:microfocus:project_and_portfolio_management:9.32:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1040088
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-12-13T01:00:00Z

Updated: 2024-09-16T23:05:58.739Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14361

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-13T01:29:00.407

Modified: 2023-11-07T02:38:57.940

Link: CVE-2017-14361

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Project and Portfolio Management Center", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.32"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"}], "datePublic": "2017-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Man-In-The-Middle attack (MitM)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:00", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "1040088", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040088"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}], "title": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-11-17T22:00:00.000Z", "ID": "CVE-2017-14361", "STATE": "PUBLIC", "TITLE": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Project and Portfolio Management Center", "version": {"version_data": [{"version_value": "9.32"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": ["Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack."}]}, "exploit": "Man-In-The-Middle attack (MitM)", "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Man-In-The-Middle attack (MitM)"}]}]}, "references": {"reference_data": [{"name": "1040088", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040088"}, {"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:40.546Z"}, "title": "CVE Program Container", "references": [{"name": "1040088", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040088"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14361", "datePublished": "2017-12-13T01:00:00Z", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-09-16T23:05:58.739Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:project_and_portfolio_management:9.32:*:*:*:*:*:*:*", "matchCriteriaId": "C07AD255-320F-4029-8CBF-F2D364168D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack."}, {"lang": "es", "value": "Vulnerabilidad Man-in-the-Middle (MitM) en Micro Focus Project and Portfolio Management Center 9.32. Esto podr\u00eda ser explotado para permitir ataques Man-in-the-Middle."}], "id": "CVE-2017-14361", "lastModified": "2023-11-07T02:38:57.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2017-12-13T01:29:00.407", "references": [{"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1040088"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}