UCMDB Server: Java Objects Deserialization & Cross-Site Request Forgery (CSRF) vulnerabilities

  • KM03180030
  • 13-Jun-2018
  • 13-Jun-2018

Summary

Java Objects Deserialization & Cross-Site Request Forgery (CSRF) vulnerabilities have been identified in UCMDB Server, a component for CMS. This document provides the required actions that must be performed to mitigate these vulnerabilities.

Error

Java Objects Deserialization & Cross-Site Request Forgery (CSRF) vulnerabilities were found in the UD server and probe component.

Fix

ACTION: Review all details in the instructions provided in this paper to address the vulnerabilities.
Micro Focus recommends addressing this information as soon as possible.
 
Solution For
UCMDB 10.20; 10.21; 10.22
UCMDB 10.22 CUP7
 
Windows:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00207
 
Linux:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00208
 
 
Solution For
UCMDB 10.30; 10.31; 10.32; 10.33
UCMDB 10.33 CUP2

Windows:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00204

Linux:
https://mysupport.microfocus.com/group/softwaresupport/search-result/-/facetsearch/document/LID/UCMDB_00205
 
Solution For
UCMDB 11.0
CMS Server 2018.05
Software Entitlements Portal