CVE-2017-14363 - OpenCVE

Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Operations Manager I

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:operations_manager_i:10.60:::::::*
	cpe:2.3:a:microfocus:operations_manager_i:10.61:::::::*
	cpe:2.3:a:microfocus:operations_manager_i:10.62:::::::*

References

Link	Resource
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2017-12-21T00:00:00

Updated: 2021-01-06T16:15:26

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14363

JSON object: View

NVD Information

Status : Modified

Published: 2017-12-21T22:29:00.210

Modified: 2023-11-07T02:38:58.490

Link: CVE-2017-14363

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Operations Manager i", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "10.60, 10.61, 10.62"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank Vahagn Vardanyan for reporting this issue to security-alert@hpe.com"}], "datePublic": "2017-12-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting (XSS)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:26", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}], "title": "MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-12-21T20:30:00.000Z", "ID": "CVE-2017-14363", "STATE": "PUBLIC", "TITLE": "MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Operations Manager i", "version": {"version_data": [{"version_value": "10.60, 10.61, 10.62"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": ["Micro Focus would like to thank Vahagn Vardanyan for reporting this issue to security-alert@hpe.com"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}]}, "exploit": "Cross-Site Scripting (XSS)", "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14363", "datePublished": "2017-12-21T00:00:00", "dateReserved": "2017-09-12T00:00:00", "dateUpdated": "2021-01-06T16:15:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.60:*:*:*:*:*:*:*", "matchCriteriaId": "F9FF5A51-83C2-4964-9850-CC57D1A1C126", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.61:*:*:*:*:*:*:*", "matchCriteriaId": "32E0A392-4756-4AEB-ABE3-435298D61BB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:operations_manager_i:10.62:*:*:*:*:*:*:*", "matchCriteriaId": "A3FF75EB-5105-433D-8350-D692658EC262", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS)."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad Cross-Site Scripting (XSS) en Micro Focus Operations Manager i en las versiones 10.60, 10.61 y 10.62. La vulnerabilidad se podr\u00eda explotar de forma remota para permitir que se produzca Cross-Site Scripting (XSS)."}], "id": "CVE-2017-14363", "lastModified": "2023-11-07T02:38:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2017-12-21T22:29:00.210", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03060545"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}