CVE-2019-3477
published 2019-06-07CVE-2019-3477: Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
PriorityP424medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.65%
46.4th percentile
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | nifi | — | — |
| micro_focus | solutions_business_manager | — | — |
| microfocus | solutions_business_manager | < 11.4.2 | 11.4.2 |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
vendor_apache5.3
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m5p7-7h63-f228: Micro Focus Solution Business Manager versions prior to 11
ghsa_unreviewed·2022-05-24
CVE-2019-3477 [MEDIUM] CWE-601 GHSA-m5p7-7h63-f228: Micro Focus Solution Business Manager versions prior to 11
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
Apache
Apache nifi: CVE-2019-10083
vendor_apache·CVSS 5.3
CVE-2019-10083 Apache nifi: CVE-2019-10083
Apache nifi: CVE-2019-10083
Title: Potential Information Disclosure in Process Group Resources Published: 2019-11-04 Severity: Medium Products: Apache NiFi Affected Versions: 1.0.0 to 1.9.2 Fixed Versions: 1.10.0 Reporter: Mark Payne References CVE Record: CVE-2019-10083 NVD Record: CVE-2019-10083 Apache Jira Issue: NIFI-6302 GitHub Pull Request: 3477 When updating a Process Group via the API, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to. Requests to update or remove the process group will no longer return the contents of the process group in the response in Apache NiFi 1.10.0. Users running a prior release should upgrad
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-07
Published