CVE-2017-14362 - OpenCVE

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Project And Portfolio Management

Configuration 1 [-]

cpe:2.3:a:microfocus:project_and_portfolio_management:9.32:*:*:*:*:*:*:*

References

Link	Resource
http://www.securitytracker.com/id/1040088
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2017-11-17T00:00:00

Updated: 2021-01-06T16:15:43

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14362

JSON object: View

NVD Information

Status : Modified

Published: 2017-12-13T01:29:00.453

Modified: 2023-11-07T02:38:58.217

Link: CVE-2017-14362

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "Project and Portfolio Management Center", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.32"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"}], "datePublic": "2017-11-17T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:43", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "1040088", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040088"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}], "title": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-11-17T22:00:00.000Z", "ID": "CVE-2017-14362", "STATE": "PUBLIC", "TITLE": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Project and Portfolio Management Center", "version": {"version_data": [{"version_value": "9.32"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": ["Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack."}]}, "exploit": "Cross-Site Request Forgery (CSRF)", "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "1040088", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040088"}, {"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14362", "datePublished": "2017-11-17T00:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2021-01-06T16:15:43", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:project_and_portfolio_management:9.32:*:*:*:*:*:*:*", "matchCriteriaId": "C07AD255-320F-4029-8CBF-F2D364168D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack."}, {"lang": "es", "value": "Vulnerabilidad Cross-Site Request Forgery (CSRF) en Micro Focus Project and Portfolio Management Center 9.32. Esto podr\u00eda ser explotado para permitir ataques Cross-Site Forgery."}], "id": "CVE-2017-14362", "lastModified": "2023-11-07T02:38:58.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2017-12-13T01:29:00.453", "references": [{"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1040088"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}