Summary
Reference
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access and modification of data.
CVE References: CVE-2019-11661
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11661 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L | 6.7 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Applications):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited in some special cases to allow information exposure through an error message.
CVE References: CVE-2019-11662
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11662 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N | 2.6 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Server for Windows):
Package (Server for Linux):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A vulnerability in a third-party embedded component was addressed by Service Manager. The vulnerability could be exploited to allow sensitive data exposure.
CVE References: CVE-2019-11663
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11663 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L | 6.7 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest SM 9.63
Package (Knowledge Management):
Or you can upgrade to the latest patch of your specific version.
For versions 9.30 – 9.35:
Upgrade to SM 9.35.P7 and above
Package (Knowledge Management):
For versions 9.40 and 9.41:
Upgrade to SM 9.41.P8 and above
Package (Knowledge Management):
For versions 9.50 – 9.52:
Upgrade to SM 9.52.P5 and above
Package (Knowledge Management):
For versions 9.60 – 9.62:
Upgrade to SM 9.63 and above
Package (Knowledge Management):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Local Vulnerability>
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow sensitive data exposure.
CVE References: CVE-2019-11664
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11664 | CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L | 5.6 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Web Tier):
Or you can upgrade to the latest patch of your specific version.
For versions 9.30 – 9.35:
Upgrade to SM 9.35.P7 and above
Package (Web Tier):
For versions 9.40 and 9.41:
Upgrade to SM 9.41.P8 and above
Package (Web Tier):
For versions 9.50 – 9.52:
Upgrade to SM 9.52.P5 and above
Package (Web Tier):
For versions 9.60 – 9.62:
Upgrade to the latest Service Manager 9.63
Package (Web Tier):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A vulnerability in an embedded third-party component was addressed by Service Manager. The vulnerability could be exploited to allow a denial of service and sensitive data exposure.
CVE References: CVE-2018-0732 and CVE-2018-0737
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2018-0732 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 7.5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | 5.0 |
CVE-2018-0737 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 5.9 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 4.3 |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Server for Windows):
Package (Server for Linux):
Or you can upgrade to the latest patch of your specific version.
For versions 9.30 – 9.35:
Upgrade to SM 9.35.P7 and above
Package (Server for AIX):
Package (Server for HP Itanium):
Package (Server for HP Itanium Server for Oracle 12c):
Package (Server for Linux):
Package (Server for Solaris):
Package (Server for Windows):
For versions 9.40 and 9.41:
Upgrade to SM 9.41.P8 and above
Package (Server for AIX):
Package (Server for HP-UX/IA):
Package (Server for Linux):
Package (Server for Solaris):
Package (Server for Windows):
For versions 9.50 – 9.52:
Upgrade to SM 9.52.P5 and above
Package (Server for Windows):
Package (Server for Linux):
For versions 9.60 – 9.62:
Upgrade to SM 9.63 and above
Package (Server for Windows):
Package (Server for Linux):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow sensitive data exposure.
CVE References: CVE-2019-11665
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11665 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L | 6.7 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Server for Windows):
Package (Server for Linux):
SUPPORT COMMUNICATION - SECURITY BULLETIN
Potential Security Impact: <Remote Vulnerability>
VULNERABILITY SUMMARY
A vulnerability in an embedded third-party component was addressed by Service Manager. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
CVE References: CVE-2019-11666
CVSS Version 3.0 and Version 2.0 Base Metrics
Reference | V3 Vector | V3 Base Score | V2 Vector | V2 Base Score |
---|---|---|---|---|
CVE-2019-11666 | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N | 3.7 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | X.X |
RESOLUTION:
Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:
For all versions, we recommend:
Upgrade to the latest Service Manager 9.63
Package (Service Request Catalog):
For all vulnerabilities above, note the following:
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Service Manager: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
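Added example, not part of the bulletin or of any Micro Focus tooling: a triage check that maps an installed package and version to the CVEs from this bulletin that are still open, using the upgrade floors listed above. The `9.41.P8` version-string format and the shortened package keys (`Server` stands for every server platform package) are assumptions.

```python
import re

# Patch floors transcribed from the bulletin:
# (lowest, highest) release of a branch -> first fixed (major, minor, patch).
BRANCH_FLOORS = {
    ((9, 30), (9, 35)): (9, 35, 7),
    ((9, 40), (9, 41)): (9, 41, 8),
    ((9, 50), (9, 52)): (9, 52, 5),
    ((9, 60), (9, 62)): (9, 63, 0),
}
FIXED_RELEASE = (9, 63, 0)

# CVE -> (package named in the bulletin, True if per-branch patches are listed).
CVES = {
    "CVE-2019-11661": ("Applications", False),
    "CVE-2019-11662": ("Server", False),
    "CVE-2019-11663": ("Knowledge Management", True),
    "CVE-2019-11664": ("Web Tier", True),
    "CVE-2018-0732": ("Server", True),
    "CVE-2018-0737": ("Server", True),
    "CVE-2019-11665": ("Server", False),
    "CVE-2019-11666": ("Service Request Catalog", False),
}

def parse_version(text):
    """Parse '9.41.P8' or '9.63' into (major, minor, patch); format is assumed."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.P(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def branch_floor(version):
    """Return the patch floor of the branch that contains this version."""
    for (low, high), floor in BRANCH_FLOORS.items():
        if low <= version[:2] <= high:
            return floor
    raise ValueError("version is not in a range listed by the bulletin")

def open_cves(package, version_text):
    """List the bulletin's CVEs still unremediated for one installed package."""
    version = parse_version(version_text)
    if version >= FIXED_RELEASE:
        return []
    floor = branch_floor(version)  # raises for versions the bulletin omits
    return sorted(cve for cve, (pkg, has_patch) in CVES.items() if pkg == package
                  and version < (floor if has_patch else FIXED_RELEASE))

if __name__ == "__main__":
    for pkg, ver in [("Server", "9.41.P6"), ("Web Tier", "9.52.P5")]:  # constructed
        print(pkg, ver, open_cves(pkg, ver))
```

A branch patch closes only the CVEs for which the bulletin lists per-branch packages; the remaining ones stay open until the package is on 9.63.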