CVE-2018-7679: Input Validation
First published: Wed Jun 20 2018(Updated: )
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus Solutions Business Manager | <11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-7679?
CVE-2018-7679 has a high severity rating as it allows for remote code execution due to improper validation of user avatar images.
How do I fix CVE-2018-7679?
To fix CVE-2018-7679, ensure that ASP.NET does not have execute permissions on virtual directories and validate contents of user avatar images.
Which versions of Micro Focus Solutions Business Manager are affected by CVE-2018-7679?
CVE-2018-7679 affects all versions of Micro Focus Solutions Business Manager prior to version 11.4.
What are the consequences of CVE-2018-7679 exploitation?
Exploitation of CVE-2018-7679 can lead to remote code execution, allowing attackers to execute arbitrary code on the server.
Is there a patch available for CVE-2018-7679?
There is no specific patch mentioned, but upgrading to Micro Focus Solutions Business Manager version 11.4 or later addresses the vulnerability.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microfocus
- canonical/micro focus solutions business manager