{"containers": {"cna": {"affected": [{"product": "Microfocus Real User Monitoring", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.26IP, 9.30, 9.40, 9.50"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."}], "datePublic": "2018-10-19T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."}], "exploits": [{"lang": "en", "value": "Remote Arbitrary Code Execution"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Remote Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:46.000Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"}], "source": {"discovery": "UNKNOWN"}, "title": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2018-10-19T15:30:00.000Z", "ID": "CVE-2018-18589", "STATE": "PUBLIC", "TITLE": "MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microfocus Real User Monitoring", "version": {"version_data": [{"version_value": "9.26IP, 9.30, 9.40, 9.50"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": [{"lang": "eng", "value": "Micro Focus would like to thank Deapesh Misra of iDefense Labs, Accenture for reporting this issue to cyber-psrt@microfocus.com."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."}]}, "exploit": [{"lang": "en", "value": "Remote Arbitrary Code Execution"}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:15:59.896Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2018-18589", "datePublished": "2018-10-23T17:00:00.000Z", "dateReserved": "2018-10-23T00:00:00.000Z", "dateUpdated": "2024-09-16T19:05:44.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:real_user_monitoring:9.26ip:*:*:*:*:*:*:*", "matchCriteriaId": "AE3C17FA-2520-465C-80D8-2510351265E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:real_user_monitoring:9.30:*:*:*:*:*:*:*", "matchCriteriaId": "3FD6AA1F-CEBB-46DC-A3E8-B91ADF00A156", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:real_user_monitoring:9.40:*:*:*:*:*:*:*", "matchCriteriaId": "885A49C2-B996-48B9-BB15-8B0E847C5DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:real_user_monitoring:9.50:*:*:*:*:*:*:*", "matchCriteriaId": "BDA7B764-D8F8-492F-9CBA-DFA1A8D91991", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad potencial de ejecuci\u00f3n remota de c\u00f3digo arbitrario en Micro Focus Real User Monitoring, en versiones 9.26IP, 9.30, 9.40 y 9.50. La vulnerabilidad podr\u00eda ser explotada para ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2018-18589", "lastModified": "2024-11-21T03:56:12.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "security@opentext.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-23T17:29:00.267", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03272900"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}