Vulnerability Details CVE-2018-6497
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.8
References
Products affected by CVE-2018-6497
-
cpe:2.3:a:microfocus:cms_server:2018.05
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.20
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.21
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.22
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.30
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.31
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.32
-
cpe:2.3:a:microfocus:universal_cmbd_server:10.33
-
cpe:2.3:a:microfocus:universal_cmbd_server:11.0