📦

solutions_business_manager

Vendor: microfocus

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 2 Remote Access

Total CVEs 17 Total Indexed

Avg. EPSS 0.29% Exploit Prob.

Latest CVE CVE-2019-18947 Feb 26

Security Vulnerability Index

Page 2 / 2

6.1 CVSS

CVE-2018-19641

RCE

Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

EPSS: 0.63%

Severity: MEDIUM

Mar 27, 2019

9.8 CVSS

CVE-2018-19645

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

EPSS: 0.43%

Severity: CRITICAL

Feb 12, 2019

6.5 CVSS

CVE-2018-7682

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

EPSS: 0.26%

Severity: MEDIUM

Jun 22, 2018

7.5 CVSS

CVE-2018-7683

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

EPSS: 0.30%

Severity: HIGH

Jun 21, 2018

4.8 CVSS

CVE-2018-7681

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.

EPSS: 0.21%

Severity: MEDIUM

Jun 21, 2018

6.1 CVSS

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.

EPSS: 0.24%

Severity: MEDIUM

Jun 21, 2018

9.8 CVSS

CVE-2018-7679

RCE

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

EPSS: 1.69%

Severity: CRITICAL

Jun 21, 2018

Displaying 7 of 17 Total Entries

1 2

Total 2 Sections