What is CVE-2018-6499?

CVE-2018-6499 is a vulnerability that allows for remote code execution in multiple Microfocus products.

How severe is the CVE-2018-6499 vulnerability?

CVE-2018-6499 has a severity rating of 9.8 (critical).

How can I fix the CVE-2018-6499 vulnerability?

To fix the CVE-2018-6499 vulnerability, you should apply the latest security patches or updates provided by Microfocus.

Where can I find more information about CVE-2018-6499?

You can find more information about CVE-2018-6499 in the following references: [Link 1](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632?lang=en&cc=us&hpappid=206728_SSO_PRO), [Link 2](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236648), [Link 3](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667).

Vulnerability/
CVE-2018-6499

critical

9.8

CWE

30/8/2018

17/9/2024

CVE-2018-6499: Code Injection

Q: Which products are affected by CVE-2018-6499?

The following products are affected: Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, and Service Management Automation Suite 2017.

First published: Thu Aug 30 2018(Updated: )

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
Microfocus Data Center Automation	=2017.01
Microfocus Data Center Automation	=2017.05
Microfocus Data Center Automation	=2017.08
Microfocus Data Center Automation	=2017.09
Microfocus Data Center Automation	=2017.11
Microfocus Data Center Automation	=2018.02
Microfocus Data Center Automation	=2018.05
Microfocus Hybrid Cloud Management	=2017.11
Microfocus Hybrid Cloud Management	=2017.11
Microfocus Hybrid Cloud Management	=2018.02
Microfocus Hybrid Cloud Management	=2018.02
Microfocus Hybrid Cloud Management	=2018.05
Microfocus Hybrid Cloud Management	=2018.05
Microfocus Network Operations Management	=2017.11
Microfocus Network Operations Management	=2018.02
Microfocus Network Operations Management	=2018.05
Micro Focus Operations Bridge Manager	=2017.11
Micro Focus Operations Bridge Manager	=2018.02
Micro Focus Operations Bridge Manager	=2018.05
Microfocus Service Management Automation	=2017.11
Microfocus Service Management Automation	=2018.02
Microfocus Service Management Automation	=2018.05
Microfocus Network Virtualization	=12.50
Microfocus Service Virtualization	=1.00
Microfocus Unified Functional Testing	=12.50
Microfocus Autopass License Server	<10.7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-6499?
CVE-2018-6499 is a vulnerability that allows for remote code execution in multiple Microfocus products.
Which products are affected by CVE-2018-6499?
The following products are affected: Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, and Service Management Automation Suite 2017.
How severe is the CVE-2018-6499 vulnerability?
CVE-2018-6499 has a severity rating of 9.8 (critical).
How can I fix the CVE-2018-6499 vulnerability?
To fix the CVE-2018-6499 vulnerability, you should apply the latest security patches or updates provided by Microfocus.
Where can I find more information about CVE-2018-6499?
You can find more information about CVE-2018-6499 in the following references: [Link 1](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236632?lang=en&cc=us&hpappid=206728_SSO_PRO), [Link 2](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236648), [Link 3](https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03236667).

collector/nvd-index
agent/references
agent/severity
agent/weakness
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/microfocus
canonical/microfocus data center automation
version/microfocus data center automation/2017.01
version/microfocus data center automation/2017.05
version/microfocus data center automation/2017.08
version/microfocus data center automation/2017.09
version/microfocus data center automation/2017.11
version/microfocus data center automation/2018.02
version/microfocus data center automation/2018.05
canonical/microfocus hybrid cloud management
version/microfocus hybrid cloud management/2017.11
version/microfocus hybrid cloud management/2018.02
version/microfocus hybrid cloud management/2018.05
canonical/microfocus network operations management
version/microfocus network operations management/2017.11
version/microfocus network operations management/2018.02
version/microfocus network operations management/2018.05
canonical/micro focus operations bridge manager
version/micro focus operations bridge manager/2017.11
version/micro focus operations bridge manager/2018.02
version/micro focus operations bridge manager/2018.05
canonical/microfocus service management automation
version/microfocus service management automation/2017.11
version/microfocus service management automation/2018.02
version/microfocus service management automation/2018.05
canonical/microfocus network virtualization
version/microfocus network virtualization/12.50
canonical/microfocus service virtualization
version/microfocus service virtualization/1.00
canonical/microfocus unified functional testing
version/microfocus unified functional testing/12.50
canonical/microfocus autopass license server

CVE-2018-6499: Code Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-6499?

Which products are affected by CVE-2018-6499?

How severe is the CVE-2018-6499 vulnerability?

How can I fix the CVE-2018-6499 vulnerability?

Where can I find more information about CVE-2018-6499?

Company

Resources

Contact