CVE-2019-11658 - OpenCVE

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microfocus	Content Manager

Configuration 1 [-]

OR	cpe:2.3:a:microfocus:content_manager:9.1:::::::*
	cpe:2.3:a:microfocus:content_manager:9.2:::::::*
	cpe:2.3:a:microfocus:content_manager:9.3:::::::*

References

Link	Resource
https://softwaresupport.softwaregrp.com/doc/KM03496282

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2019-08-29T22:23:51

Updated: 2021-01-06T16:15:45

Reserved: 2019-05-01T00:00:00

Link: CVE-2019-11658

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-30T09:15:17.833

Modified: 2023-11-07T03:03:07.560

Link: CVE-2019-11658

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "Content Manager", "vendor": "Micro Focus", "versions": [{"status": "affected", "version": "9.1"}, {"status": "affected", "version": "9.2"}, {"status": "affected", "version": "9.3"}]}], "descriptions": [{"lang": "en", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}], "problemTypes": [{"descriptions": [{"description": "Information exposure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:45", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2019-11658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Content Manager", "version": {"version_data": [{"version_value": "9.1"}, {"version_value": "9.2"}, {"version_value": "9.3"}]}}]}, "vendor_name": "Micro Focus"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information exposure"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03496282", "refsource": "CONFIRM", "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2019-11658", "datePublished": "2019-08-29T22:23:51", "dateReserved": "2019-05-01T00:00:00", "dateUpdated": "2021-01-06T16:15:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:content_manager:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BB65A0F-8122-478A-B6CC-C294B5058DCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "188A87B3-51E7-4BF9-AA4D-763341837307", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:content_manager:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "C92ABB72-C181-4854-AF8E-07E4BEEC76DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state."}, {"lang": "es", "value": "Una exposici\u00f3n de informaci\u00f3n en Micro Focus Content Manager, versiones 9.1, 9.2 y 9.3. Esta vulnerabilidad cuando esta configurado para utilizar una base de datos de Oracle, permite a usuarios v\u00e1lidos del sistema conseguir acceso a un subconjunto limitado de registros a los que normalmente no son capaces de acceder cuando el sistema se encuentra en un estado anormal no revelado."}], "id": "CVE-2019-11658", "lastModified": "2023-11-07T03:03:07.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-30T09:15:17.833", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03496282"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}