CVE-2018-6493

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 56.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Micro Focus Network Automation Micro Focus Network Operations Management Ultimate HP Network Automation +1 more

Timeline

PublishedMay 22

Latest updateMay 13

Description

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDhp/network_operations_management_ultimate2017.07, 2017.11, 2018.02+2

▶CVEListV5micro_focus/network_operations_management_ultimate2017.07, 2017.11, 2018.02

▶NVDhp/network_automation7 versions+6

▶CVEListV5micro_focus/network_automation10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50

🔴Vulnerability Details

GHSA

GHSA-vgw5-jf46-6j77: SQL Injection in HP Network Operations Management Ultimate, version 2017↗2022-05-13

▶

CVEList

MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities↗2018-05-22

▶