CVE-2019-11658 - OpenCVE

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Content Manager

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:content_manager:9.1:::::::*
	cpe:2.3:a:microfocus:content_manager:9.2:::::::*
	cpe:2.3:a:microfocus:content_manager:9.3:::::::*

No data.

References

Link	Providers
https://softwaresupport.softwaregrp.com/doc/KM03496282

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2019-08-29T22:23:51

Updated: 2024-08-04T23:03:31.556Z

Reserved: 2019-05-01T00:00:00

Link: CVE-2019-11658

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-30T09:15:17.833

Modified: 2023-11-07T03:03:07.560

Link: CVE-2019-11658

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Content Manager", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.2"}, {"status": "affected", "version": "9.3"}]}], "descriptions": [{"lang": "en", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}], "problemTypes": [{"descriptions": [{"description": "Information exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:45", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2019-11658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Content Manager", "version": {"version_data": [{"version_value": "9.1"}, {"version_value": "9.2"}, {"version_value": "9.3"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information exposure"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03496282", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:31.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2019-11658", "datePublished": "2019-08-29T22:23:51", "dateReserved": "2019-05-01T00:00:00", "dateUpdated": "2024-08-04T23:03:31.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:content_manager:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BB65A0F-8122-478A-B6CC-C294B5058DCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "188A87B3-51E7-4BF9-AA4D-763341837307", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "C92ABB72-C181-4854-AF8E-07E4BEEC76DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n en Micro Focus Content Manager, versiones 9.1, 9.2 y 9.3. Esta vulnerabilidad cuando esta configurado para utilizar una base de datos de Oracle, permite a usuarios v\u00e1lidos del sistema conseguir acceso a un subconjunto limitado de registros a los que normalmente no son capaces de acceder cuando el sistema se encuentra en un estado anormal no revelado."}], "id": "CVE-2019-11658", "lastModified": "2023-11-07T03:03:07.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-30T09:15:17.833", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}