Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-9521

An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

Published

2020-03-26T15:15:25.337

Last Modified

2024-11-21T05:40:47.833

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microfocus	service_manager_automation	2018.02	Yes
Application	microfocus	service_manager_automation	2018.05	Yes
Application	microfocus	service_manager_automation	2018.08	Yes
Application	microfocus	service_manager_automation	2019.02	Yes
Application	microfocus	service_manager_automation	2019.05	Yes
Application	microfocus	service_manager_automation	2019.08	Yes

References

https://softwaresupport.softwaregrp.com/doc/KM03630615 ([email protected])
https://softwaresupport.softwaregrp.com/doc/KM03630615 (af854a3a-2127-422b-91ae-364da2661108)