CVE-2018-6498

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

Published : 2018-08-30 21:29 Updated : 2019-10-09 23:41

7.5
CVSS Score More info
Score 7.5 / 10
7.5
Vendor Product Version URI
Microfocus Data Center Automation 2017.01 cpe:/a:microfocus:data_center_automation:2017.01
Microfocus Data Center Automation 2017.05 cpe:/a:microfocus:data_center_automation:2017.05
Microfocus Data Center Automation 2017.08 cpe:/a:microfocus:data_center_automation:2017.08
Microfocus Data Center Automation 2017.09 cpe:/a:microfocus:data_center_automation:2017.09
Microfocus Data Center Automation 2017.11 cpe:/a:microfocus:data_center_automation:2017.11
Microfocus Data Center Automation 2018.02 cpe:/a:microfocus:data_center_automation:2018.02
Microfocus Data Center Automation 2018.05 cpe:/a:microfocus:data_center_automation:2018.05
Microfocus Hybrid Cloud Management 2017.11 cpe:/a:microfocus:hybrid_cloud_management:2017.11::~~premium~~~
Microfocus Hybrid Cloud Management 2017.11 cpe:/a:microfocus:hybrid_cloud_management:2017.11::~~ultimate~~~
Microfocus Hybrid Cloud Management 2018.02 cpe:/a:microfocus:hybrid_cloud_management:2018.02::~~premium~~~
Microfocus Hybrid Cloud Management 2018.02 cpe:/a:microfocus:hybrid_cloud_management:2018.02::~~ultimate~~~
Microfocus Hybrid Cloud Management 2018.05 cpe:/a:microfocus:hybrid_cloud_management:2018.05::~~premium~~~
Microfocus Hybrid Cloud Management 2018.05 cpe:/a:microfocus:hybrid_cloud_management:2018.05::~~ultimate~~~
Microfocus Network Operations Management 2017.11 cpe:/a:microfocus:network_operations_management:2017.11
Microfocus Network Operations Management 2018.02 cpe:/a:microfocus:network_operations_management:2018.02
Microfocus Network Operations Management 2018.05 cpe:/a:microfocus:network_operations_management:2018.05::~~premium~~~
Microfocus Operations Bridge 2017.11 cpe:/a:microfocus:operations_bridge:2017.11::~~premium~~~
Microfocus Operations Bridge 2018.02 cpe:/a:microfocus:operations_bridge:2018.02::~~premium~~~
Microfocus Operations Bridge 2018.05 cpe:/a:microfocus:operations_bridge:2018.05::~~premium~~~
Microfocus Service Management Automation 2017.11 cpe:/a:microfocus:service_management_automation:2017.11
Microfocus Service Management Automation 2018.02 cpe:/a:microfocus:service_management_automation:2018.02
Microfocus Service Management Automation 2018.05 cpe:/a:microfocus:service_management_automation:2018.05
  1. Microfocus (5) Search CVE
    1. Service Management Automation (3) Search CVE
      1. 2017.11
      2. 2018.02
      3. 2018.05
    2. Data Center Automation (7) Search CVE
      1. 2017.01
      2. 2017.05
      3. 2017.08
      4. 2017.09
      5. 2017.11
      6. 2018.02
      7. 2018.05
    3. Hybrid Cloud Management (3) Search CVE
      1. 2017.11
      2. 2018.02
      3. 2018.05
    4. Network Operations Management (3) Search CVE
      1. 2017.11
      2. 2018.02
      3. 2018.05
    5. Operations Bridge (3) Search CVE
      1. 2017.11
      2. 2018.02
      3. 2018.05

CWE

ID Name Description Links
CWE-94 Improper Control of Generation of Code ('Code Injection') The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. CVE

History of changes

Date Event
2018-11-13 18:28
2018-08-30 21:29

New CVE