CVE-2017-14363 - OpenCVE

Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Operations Manager I

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:operations_manager_i:10.60:::::::*
	cpe:2.3:a:microfocus:operations_manager_i:10.61:::::::*
	cpe:2.3:a:microfocus:operations_manager_i:10.62:::::::*

No data.

References

Link	Providers
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2017-12-21T22:00:00Z

Updated: 2024-09-17T00:26:41.389Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14363

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-21T22:29:00.210

Modified: 2023-11-07T02:38:58.490

Link: CVE-2017-14363

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Operations Manager i", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "10.60, 10.61, 10.62"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting this issue to security-alert@hpe.com"}], "datePublic": "2017-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting (XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:26", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}], "title": "MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-12-21T20:30:00.000Z", "ID": "CVE-2017-14363", "STATE": "PUBLIC", "TITLE": "MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Operations Manager i", "version": {"version_data": [{"version_value": "10.60, 10.61, 10.62"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": ["Micro Focus would like to thank Vahagn Vardanyan for reporting this issue to security-alert@hpe.com"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}]}, "exploit": "Cross-Site Scripting (XSS)", "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:39.929Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14363", "datePublished": "2017-12-21T22:00:00Z", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2024-09-17T00:26:41.389Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.60:*:*:*:*:*:*:*", "matchCriteriaId": "F9FF5A51-83C2-4964-9850-CC57D1A1C126", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.61:*:*:*:*:*:*:*", "matchCriteriaId": "32E0A392-4756-4AEB-ABE3-435298D61BB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.62:*:*:*:*:*:*:*", "matchCriteriaId": "A3FF75EB-5105-433D-8350-D692658EC262", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad Cross-Site Scripting (XSS) en Micro Focus Operations Manager i en las versiones 10.60, 10.61 y 10.62. La vulnerabilidad se podr\u00eda explotar de forma remota para permitir que se produzca Cross-Site Scripting (XSS)."}], "id": "CVE-2017-14363", "lastModified": "2023-11-07T02:38:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2017-12-21T22:29:00.210", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}