{"containers": {"cna": {"affected": [{"product": "Content Manager", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.2"}, {"status": "affected", "version": "9.3"}]}], "descriptions": [{"lang": "en", "value": "Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user\u2019s CheckIn request."}], "problemTypes": [{"descriptions": [{"description": "Remote Access Control Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:47.000Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03489552"}, {"tags": ["x_refsource_MISC"], "url": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2019-11653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Content Manager", "version": {"version_data": [{"version_value": "9.1"}, {"version_value": "9.2"}, {"version_value": "9.3"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user\u2019s CheckIn request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Access Control Bypass"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03489552", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/doc/KM03489552"}, {"name": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/", "refsource": "MISC", "url": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:31.569Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03489552"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2019-11653", "datePublished": "2019-08-07T16:28:52.000Z", "dateReserved": "2019-05-01T00:00:00.000Z", "dateUpdated": "2024-08-04T23:03:31.569Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:content_manager:9.1.0:patch6_hotfix1:*:*:*:*:*:*", "matchCriteriaId": "4EF956E8-9761-4550-B3D1-BFDBD09FFACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.1.0:patch6_hotfix2:*:*:*:*:*:*", "matchCriteriaId": "5DA8E278-9C2F-4B69-A57F-0C3F9D359386", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.1.0:patch6_hotfix3:*:*:*:*:*:*", "matchCriteriaId": "CF758355-2356-4635-8E8A-C0B0DD27B83D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.1.0:patch6_hotfix4:*:*:*:*:*:*", "matchCriteriaId": "D83F4247-AE82-4A2E-AEB8-72F2ED660B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.1.0:patch6_hotfix5:*:*:*:*:*:*", "matchCriteriaId": "5151A7D7-205B-4A30-A397-EA082D916880", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.2.0:patch3_hotfix1:*:*:*:*:*:*", "matchCriteriaId": "7C2633E3-A0EE-4366-9F52-41E32F87E5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.3.0:patch2_hotfix1:*:*:*:*:*:*", "matchCriteriaId": "1354CAA5-1308-4C0F-B8F5-BF334F5E0C24", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.3.0:patch2_hotfix2:*:*:*:*:*:*", "matchCriteriaId": "A1FB038F-85F3-4753-BC55-C09BA2C69FBB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user\u2019s CheckIn request."}, {"lang": "es", "value": "Bypass de control de acceso remoto en Micro Focus Content Manager. versiones 9.1, 9.2, 9.3. La vulnerabilidad podr\u00eda explotarse para manipular los datos almacenados durante la solicitud de CheckIn de otro usuario."}], "id": "CVE-2019-11653", "lastModified": "2024-11-21T04:21:32.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-07T17:15:12.167", "references": [{"source": "security@opentext.com", "url": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03489552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ashsecurity.wordpress.com/2019/07/09/cm-cve/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.softwaregrp.com/doc/KM03489552"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}