CVE-2019-11651: XSS
First published: Wed Oct 02 2019(Updated: )
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
Credit: security@microfocus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microfocus Enterprise Developer | =3.0 | |
| Microfocus Enterprise Developer | =3.0-patch_1 | |
| Microfocus Enterprise Developer | =3.0-patch_10 | |
| Microfocus Enterprise Developer | =3.0-patch_11 | |
| Microfocus Enterprise Developer | =3.0-patch_12 | |
| Microfocus Enterprise Developer | =3.0-patch_13 | |
| Microfocus Enterprise Developer | =3.0-patch_14 | |
| Microfocus Enterprise Developer | =3.0-patch_15 | |
| Microfocus Enterprise Developer | =3.0-patch_16 | |
| Microfocus Enterprise Developer | =3.0-patch_17 | |
| Microfocus Enterprise Developer | =3.0-patch_18 | |
| Microfocus Enterprise Developer | =3.0-patch_19 | |
| Microfocus Enterprise Developer | =3.0-patch_2 | |
| Microfocus Enterprise Developer | =3.0-patch_3 | |
| Microfocus Enterprise Developer | =3.0-patch_4 | |
| Microfocus Enterprise Developer | =3.0-patch_5 | |
| Microfocus Enterprise Developer | =3.0-patch_6 | |
| Microfocus Enterprise Developer | =3.0-patch_7 | |
| Microfocus Enterprise Developer | =3.0-patch_8 | |
| Microfocus Enterprise Developer | =3.0-patch_9 | |
| Microfocus Enterprise Developer | =4.0 | |
| Microfocus Enterprise Developer | =4.0-patch_1 | |
| Microfocus Enterprise Developer | =4.0-patch_10 | |
| Microfocus Enterprise Developer | =4.0-patch_11 | |
| Microfocus Enterprise Developer | =4.0-patch_2 | |
| Microfocus Enterprise Developer | =4.0-patch_3 | |
| Microfocus Enterprise Developer | =4.0-patch_4 | |
| Microfocus Enterprise Developer | =4.0-patch_5 | |
| Microfocus Enterprise Developer | =4.0-patch_6 | |
| Microfocus Enterprise Developer | =4.0-patch_7 | |
| Microfocus Enterprise Developer | =4.0-patch_8 | |
| Microfocus Enterprise Developer | =4.0-patch_9 | |
| Microfocus Enterprise Developer | =5.0 | |
| Microfocus Enterprise Developer | =5.0-patch_1 | |
| Microfocus Enterprise Server | =3.0 | |
| Microfocus Enterprise Server | =3.0-patch_1 | |
| Microfocus Enterprise Server | =3.0-patch_10 | |
| Microfocus Enterprise Server | =3.0-patch_11 | |
| Microfocus Enterprise Server | =3.0-patch_12 | |
| Microfocus Enterprise Server | =3.0-patch_13 | |
| Microfocus Enterprise Server | =3.0-patch_14 | |
| Microfocus Enterprise Server | =3.0-patch_15 | |
| Microfocus Enterprise Server | =3.0-patch_16 | |
| Microfocus Enterprise Server | =3.0-patch_17 | |
| Microfocus Enterprise Server | =3.0-patch_18 | |
| Microfocus Enterprise Server | =3.0-patch_19 | |
| Microfocus Enterprise Server | =3.0-patch_2 | |
| Microfocus Enterprise Server | =3.0-patch_3 | |
| Microfocus Enterprise Server | =3.0-patch_4 | |
| Microfocus Enterprise Server | =3.0-patch_5 | |
| Microfocus Enterprise Server | =3.0-patch_6 | |
| Microfocus Enterprise Server | =3.0-patch_7 | |
| Microfocus Enterprise Server | =3.0-patch_8 | |
| Microfocus Enterprise Server | =3.0-patch_9 | |
| Microfocus Enterprise Server | =4.0 | |
| Microfocus Enterprise Server | =4.0-patch_1 | |
| Microfocus Enterprise Server | =4.0-patch_10 | |
| Microfocus Enterprise Server | =4.0-patch_11 | |
| Microfocus Enterprise Server | =4.0-patch_2 | |
| Microfocus Enterprise Server | =4.0-patch_3 | |
| Microfocus Enterprise Server | =4.0-patch_4 | |
| Microfocus Enterprise Server | =4.0-patch_5 | |
| Microfocus Enterprise Server | =4.0-patch_6 | |
| Microfocus Enterprise Server | =4.0-patch_7 | |
| Microfocus Enterprise Server | =4.0-patch_8 | |
| Microfocus Enterprise Server | =4.0-patch_9 | |
| Microfocus Enterprise Server | =5.0 | |
| Microfocus Enterprise Server | =5.0-patch_1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11651?
CVE-2019-11651 is classified as a high severity vulnerability due to its potential for reflected cross-site scripting (XSS) exploits.
How do I fix CVE-2019-11651?
To mitigate CVE-2019-11651, upgrade to Micro Focus Enterprise Developer and Enterprise Server versions 3.0 Patch Update 20, 4.0 Patch Update 12, or 5.0 Patch Update 2 or later.
Which versions are affected by CVE-2019-11651?
CVE-2019-11651 affects all versions of Micro Focus Enterprise Developer and Enterprise Server prior to the specified patch updates.
What is the nature of the vulnerability described in CVE-2019-11651?
CVE-2019-11651 is a reflected cross-site scripting vulnerability that could enable attackers to redirect users to malicious sites.
What can be impacted by exploiting CVE-2019-11651?
Exploiting CVE-2019-11651 could allow attackers to forge web requests or perform unauthorized actions in the context of a user's session.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/microfocus
- canonical/microfocus enterprise developer
- version/microfocus enterprise developer/3.0
- version/microfocus enterprise developer/3.0-patch_1
- version/microfocus enterprise developer/3.0-patch_10
- version/microfocus enterprise developer/3.0-patch_11
- version/microfocus enterprise developer/3.0-patch_12
- version/microfocus enterprise developer/3.0-patch_13
- version/microfocus enterprise developer/3.0-patch_14
- version/microfocus enterprise developer/3.0-patch_15
- version/microfocus enterprise developer/3.0-patch_16
- version/microfocus enterprise developer/3.0-patch_17
- version/microfocus enterprise developer/3.0-patch_18
- version/microfocus enterprise developer/3.0-patch_19
- version/microfocus enterprise developer/3.0-patch_2
- version/microfocus enterprise developer/3.0-patch_3
- version/microfocus enterprise developer/3.0-patch_4
- version/microfocus enterprise developer/3.0-patch_5
- version/microfocus enterprise developer/3.0-patch_6
- version/microfocus enterprise developer/3.0-patch_7
- version/microfocus enterprise developer/3.0-patch_8
- version/microfocus enterprise developer/3.0-patch_9
- version/microfocus enterprise developer/4.0
- version/microfocus enterprise developer/4.0-patch_1
- version/microfocus enterprise developer/4.0-patch_10
- version/microfocus enterprise developer/4.0-patch_11
- version/microfocus enterprise developer/4.0-patch_2
- version/microfocus enterprise developer/4.0-patch_3
- version/microfocus enterprise developer/4.0-patch_4
- version/microfocus enterprise developer/4.0-patch_5
- version/microfocus enterprise developer/4.0-patch_6
- version/microfocus enterprise developer/4.0-patch_7
- version/microfocus enterprise developer/4.0-patch_8
- version/microfocus enterprise developer/4.0-patch_9
- version/microfocus enterprise developer/5.0
- version/microfocus enterprise developer/5.0-patch_1
- canonical/microfocus enterprise server
- version/microfocus enterprise server/3.0
- version/microfocus enterprise server/3.0-patch_1
- version/microfocus enterprise server/3.0-patch_10
- version/microfocus enterprise server/3.0-patch_11
- version/microfocus enterprise server/3.0-patch_12
- version/microfocus enterprise server/3.0-patch_13
- version/microfocus enterprise server/3.0-patch_14
- version/microfocus enterprise server/3.0-patch_15
- version/microfocus enterprise server/3.0-patch_16
- version/microfocus enterprise server/3.0-patch_17
- version/microfocus enterprise server/3.0-patch_18
- version/microfocus enterprise server/3.0-patch_19
- version/microfocus enterprise server/3.0-patch_2
- version/microfocus enterprise server/3.0-patch_3
- version/microfocus enterprise server/3.0-patch_4
- version/microfocus enterprise server/3.0-patch_5
- version/microfocus enterprise server/3.0-patch_6
- version/microfocus enterprise server/3.0-patch_7
- version/microfocus enterprise server/3.0-patch_8
- version/microfocus enterprise server/3.0-patch_9
- version/microfocus enterprise server/4.0
- version/microfocus enterprise server/4.0-patch_1
- version/microfocus enterprise server/4.0-patch_10
- version/microfocus enterprise server/4.0-patch_11
- version/microfocus enterprise server/4.0-patch_2
- version/microfocus enterprise server/4.0-patch_3
- version/microfocus enterprise server/4.0-patch_4
- version/microfocus enterprise server/4.0-patch_5
- version/microfocus enterprise server/4.0-patch_6
- version/microfocus enterprise server/4.0-patch_7
- version/microfocus enterprise server/4.0-patch_8
- version/microfocus enterprise server/4.0-patch_9
- version/microfocus enterprise server/5.0
- version/microfocus enterprise server/5.0-patch_1