CVE-2018-6491 - OpenCVE

Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Ucmdb Configuration Manager

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.20:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.21:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.22:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.30:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.31:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.32:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.33:::::::*
	cpe:2.3:a:microfocus:ucmdb_configuration_manager:11.00:::::::*

References

Link	Resource
http://www.securitytracker.com/id/1040680
https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2018-04-23T21:00:00

Updated: 2021-01-06T16:16:08

Reserved: 2018-02-01T00:00:00

Link: CVE-2018-6491

JSON object: View

NVD Information

Status : Modified

Published: 2018-04-24T01:29:00.397

Modified: 2023-11-07T02:59:56.333

Link: CVE-2018-6491

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Universal CMDB", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00"}]}], "credits": [{"lang": "en", "value": "Micro Focus would like to thank TrendyTofu of Trend Micro's Zero Day Initiative for reporting this issue to cyber-psrt@microfocus.com."}], "datePublic": "2018-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege."}], "exploits": [{"lang": "en", "value": "Local Escalation of Privilege"}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Local Escalation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:08", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "1040680", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040680"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180"}], "source": {"discovery": "UNKNOWN"}, "title": "MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2018-6491", "STATE": "PUBLIC", "TITLE": "MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Universal CMDB", "version": {"version_data": [{"version_value": "10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00"}]}}]}, "vendor_name": "Micro Focus"}]}}, "credit": [{"lang": "eng", "value": "Micro Focus would like to thank TrendyTofu of Trend Micro's Zero Day Initiative for reporting this issue to cyber-psrt@microfocus.com."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege."}]}, "exploit": [{"lang": "en", "value": "Local Escalation of Privilege"}], "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Local Escalation of Privilege"}]}]}, "references": {"reference_data": [{"name": "1040680", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040680"}, {"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2018-6491", "datePublished": "2018-04-23T21:00:00", "dateReserved": "2018-02-01T00:00:00", "dateUpdated": "2021-01-06T16:16:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.20:*:*:*:*:*:*:*", "matchCriteriaId": "F02FF23A-C3C1-40A0-86D2-2D3670F8023A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.21:*:*:*:*:*:*:*", "matchCriteriaId": "780A0E82-769A-4683-AB07-2CF032A0CE9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.22:*:*:*:*:*:*:*", "matchCriteriaId": "03B6B711-E61B-4956-AFBD-6C05AC853116", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.30:*:*:*:*:*:*:*", "matchCriteriaId": "21D99F23-AF13-47EF-8689-25BCBC97FBF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.31:*:*:*:*:*:*:*", "matchCriteriaId": "28BFA973-F26F-49FB-B0A6-24D76A5453CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.32:*:*:*:*:*:*:*", "matchCriteriaId": "604BCBEE-604A-422C-8CEE-5DA7F311A0F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:10.33:*:*:*:*:*:*:*", "matchCriteriaId": "8030C319-AA7C-4862-8C2D-940E58DF6C3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:ucmdb_configuration_manager:11.00:*:*:*:*:*:*:*", "matchCriteriaId": "94D4364A-8737-49EB-B2A1-676F70BB4826", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege."}, {"lang": "es", "value": "Vulnerabilidad de escalado local de privilegios en Micro Focus Universal CMDB 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33 y 11.00. La vulnerabilidad se podr\u00eda explotar de forma remota para permitir un escalado local de privilegios."}], "id": "CVE-2018-6491", "lastModified": "2023-11-07T02:59:56.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2018-04-24T01:29:00.397", "references": [{"source": "security@opentext.com", "url": "http://www.securitytracker.com/id/1040680"}, {"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03141180"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}