Summary
Java Objects Deserialization & Cross-site Request forgery (CSRF) vulnerabilities has been identified in UCMDB Server, a component for CMS. This document provides required actions that must be performed to mitigate those vulnerability.
Error
Java Objects Deserialization & Cross-site Request forgery (CSRF) vulnerabilities found with UD server and probe component.
Fix
ACTION: Review all details in instructions provided in this paper to address the vulnerability.
Micro Focus recommend addressing this information as soon as possible.
Solution For
UCMDB 10.20; 10.21; 10.22
UCMDB 10.22 CUP7
Windows:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00207
Linux:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00208
Solution For
UCMDB 10.30; 10.31; 10.32; 10.33
UCMDB 10.33 CUP2
Windows:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00204
Linux:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00205
Solution For
UCMDB 11.0
CMS Server 2018.05
Software Entitlements Portal