Microfocus Service Manager 9.30 Remote Code Execution Vulnerability

Summary

Micro Focus Service Manager versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60 and 9.61 are affected by a vulnerability that could allow remote unauthorized command execution and unauthorized disclosure of information.

Credit:

The information has been provided by Microfocus.

The original article can be found at: https://softwaresupport.softwaregrp.com/doc/KM03452977


Details

Microfocus Service Manager is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • Microfocus Service Manager 9.30
  • Microfocus Service Manager 9.31
  • Microfocus Service Manager 9.32
  • Microfocus Service Manager 9.33
  • Microfocus Service Manager 9.34
  • Microfocus Service Manager 9.35
  • Microfocus Service Manager 9.40
  • Microfocus Service Manager 9.41
  • Microfocus Service Manager 9.50
  • Microfocus Service Manager 9.51
  • Microfocus Service Manager 9.52
  • Microfocus Service Manager 9.60
  • Microfocus Service Manager 9.61

CVE Information:

CVE-2019-11646

Disclosure Timeline:
Publish Date: 06/03/2019
