CVE-2019-11666
First published: Tue Sep 17 2019(Updated: )
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
Credit: security@microfocus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP Service Manager | >=9.30<=9.62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11666?
CVE-2019-11666 has been assigned a medium severity rating due to the potential impact of insecure deserialization.
How do I fix CVE-2019-11666?
To fix CVE-2019-11666, update the Micro Focus Service Manager to a version later than 9.62 where the vulnerability is patched.
What versions of Micro Focus Service Manager are affected by CVE-2019-11666?
CVE-2019-11666 affects Micro Focus Service Manager versions 9.30 to 9.62.
What is insecure deserialization in the context of CVE-2019-11666?
Insecure deserialization allows an attacker to exploit the application by manipulating untrusted data during the deserialization process.
Can CVE-2019-11666 lead to remote code execution?
Yes, exploiting CVE-2019-11666 could potentially allow an attacker to execute arbitrary code on the affected system.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microfocus
- canonical/hp service manager
- version/hp service manager/9.30
- version/hp service manager/9.62