{"containers": {"cna": {"affected": [{"product": "Network Operations Management Ultimate", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "2017.07, 2017.11, 2018.02"}]}, {"product": "Network Automation", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."}], "datePublic": "2018-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection."}], "exploits": [{"lang": "en", "value": "SQL Injection"}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "SQL Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:46", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"}, {"name": "1040900", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040900"}, {"name": "104131", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104131"}], "source": {"discovery": "UNKNOWN"}, "title": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2018-05-09T19:01:00.000Z", "ID": "CVE-2018-6493", "STATE": "PUBLIC", "TITLE": "MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Network Operations Management Ultimate", "version": {"version_data": [{"version_value": "2017.07, 2017.11, 2018.02"}]}}, {"product_name": "Network Automation", "version": {"version_data": [{"version_value": "10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": [{"lang": "eng", "value": "Micro Focus would like to thank Tilman Bender, Dennis Herrmann and Bastian Kanbach of Context Information Security GmbH for reporting this issue to cyber-psrt@microfocus.com."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection."}]}, "exploit": [{"lang": "en", "value": "SQL Injection"}], "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"}, {"name": "1040900", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040900"}, {"name": "104131", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104131"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:01:49.273Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"}, {"name": "1040900", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040900"}, {"name": "104131", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104131"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2018-6493", "datePublished": "2018-05-22T19:00:00Z", "dateReserved": "2018-02-01T00:00:00", "dateUpdated": "2024-09-17T04:25:37.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:network_operations_management_ultimate:2017.07:*:*:*:*:*:*:*", "matchCriteriaId": "6A3F9593-C1BC-4B48-B007-4877EF49B725", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_operations_management_ultimate:2017.11:*:*:*:*:*:*:*", "matchCriteriaId": "56A77056-BBF3-4F8B-BEE1-231A61C40156", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_operations_management_ultimate:2018.02:*:*:*:*:*:*:*", "matchCriteriaId": "46DD1E7E-CA4A-4672-AC09-AFC639AC9EB7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:network_automation:10.00:*:*:*:*:*:*:*", "matchCriteriaId": "6C74FE8A-030D-4C47-AE1F-2DC84C2D55BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "A6CA263E-3137-4B14-81B1-CA3DF5AAD845", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.11:*:*:*:*:*:*:*", "matchCriteriaId": "27A3AA40-2F05-4802-95A2-CCB57D9B1B62", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "34BFE988-538A-40A9-BF9B-D36FA446C994", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.30:*:*:*:*:*:*:*", "matchCriteriaId": "A669FE08-E770-45CC-93ED-AD3901D5E218", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.40:*:*:*:*:*:*:*", "matchCriteriaId": "5CC9AE65-24AF-43DB-81F6-BDF67B63F6A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:network_automation:10.50:*:*:*:*:*:*:*", "matchCriteriaId": "1B792109-3D86-4D93-9691-262DCE0F2B23", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection."}, {"lang": "es", "value": "Inyecci\u00f3n SQL en HP Network Operations Management Ultimate, versiones 2017.07, 2017.11 y 2018.02 y en Network Automation, versiones 10.00, 10.10, 10.11, 10.20, 10.30, 10.40 y 10.50. La vulnerabilidad se podr\u00eda explotar de forma remota para permitir una inyecci\u00f3n SQL remota."}], "id": "CVE-2018-6493", "lastModified": "2024-11-21T04:10:46.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "security@opentext.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-22T19:29:00.787", "references": [{"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/104131"}, {"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1040900"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/104131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1040900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158014"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}