Vulnerabilites related to microfocus - network_automation
CVE-2021-38123 (GCVE-0-2021-38123)
Vulnerability from cvelistv5
Published
2021-09-07 16:48
Modified
2024-08-04 01:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Open Redirect.
Summary
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Network Automation. |
Version: Network Automation (NA) versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000001673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Automation.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Network Automation (NA) versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open Redirect.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-07T16:48:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000001673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Automation.",
"version": {
"version_data": [
{
"version_value": "Network Automation (NA) versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open Redirect."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000001673",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000001673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38123",
"datePublished": "2021-09-07T16:48:24",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3493 (GCVE-0-2019-3493)
Vulnerability from cvelistv5
Published
2019-04-29 15:47
Modified
2024-08-04 19:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Network Automation and Micro Focus Network Operations Management (NOM) |
Version: network operations management all Version: network automation 9.20 9.21 10.00 10.10 10.20 10.40 10.30 10.50 2018.05 2018.08 2018.11 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03407763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Network Automation and Micro Focus Network Operations Management (NOM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "network operations management all"
},
{
"status": "affected",
"version": "network automation 9.20 9.21 10.00 10.10 10.20 10.40 10.30 10.50 2018.05 2018.08 2018.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:46",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03407763"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Network Automation and Micro Focus Network Operations Management (NOM)",
"version": {
"version_data": [
{
"version_value": "network operations management all"
},
{
"version_value": "network automation 9.20 9.21 10.00 10.10 10.20 10.40 10.30 10.50 2018.05 2018.08 2018.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03407763",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03407763"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3493",
"datePublished": "2019-04-29T15:47:08",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-09-07 17:15
Modified
2024-11-21 06:16
Severity ?
Summary
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | network_automation | 10.40 | |
| microfocus | network_automation | 10.50 | |
| microfocus | network_automation | 2018.05 | |
| microfocus | network_automation | 2018.11 | |
| microfocus | network_automation | 2019.05 | |
| microfocus | network_automation | 2020.02 | |
| microfocus | network_automation | 2020.08 | |
| microfocus | network_automation | 2020.11 | |
| microfocus | network_automation | 2021.05 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "42545A63-B5CA-4668-8AD0-4D341AEBE531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.50:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC2D47A-E969-4E42-95DB-34859638DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE62C5B-6464-4096-9324-5A9CCCFFECAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6814B971-E024-4096-86C3-8D4EA13FBE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2019.05:*:*:*:*:*:*:*",
"matchCriteriaId": "31890072-DB70-452B-BF01-41F8E46147CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2020.02:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBF1A50-1ABB-40B0-90D0-B5A5E344B219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2020.08:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D2BA93-BD51-4D66-95EE-A90F7221B7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2020.11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E96A589-803F-4FA4-98C5-DEBBDF3FA589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2021.05:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1E6FF-D0BD-4558-B8B3-391F6A8C6A52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication."
},
{
"lang": "es",
"value": "Una vulnerabilidad de redirecci\u00f3n abierta en Micro Focus Network Automation, que afecta a las versiones 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05 de Network Automation. La vulnerabilidad podr\u00eda permitir redirigir a usuarios a sitios web maliciosos despu\u00e9s de la autenticaci\u00f3n"
}
],
"id": "CVE-2021-38123",
"lastModified": "2024-11-21T06:16:25.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-07T17:15:07.280",
"references": [
{
"source": "security@opentext.com",
"url": "https://portal.microfocus.com/s/article/KM000001673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://portal.microfocus.com/s/article/KM000001673"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-29 16:29
Modified
2024-11-21 04:42
Severity ?
Summary
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | network_automation | 9.20 | |
| microfocus | network_automation | 9.21 | |
| microfocus | network_automation | 10.00 | |
| microfocus | network_automation | 10.10 | |
| microfocus | network_automation | 10.20 | |
| microfocus | network_automation | 10.40 | |
| microfocus | network_automation | 10.50 | |
| microfocus | network_automation | 2018.05 | |
| microfocus | network_automation | 2018.08 | |
| microfocus | network_automation | 2018.11 | |
| microfocus | network_operations_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:network_automation:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC7644B-286B-401D-A9EC-E5E121691495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5681C1-C775-472B-9432-8931757D0B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.00:*:*:*:*:*:*:*",
"matchCriteriaId": "6A918B90-7408-46A9-B7F7-BD61CDBA03A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "172406ED-31E4-42C2-B000-811865DA2293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.20:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF2DC96-0F30-4A75-AAD7-730231549525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.40:*:*:*:*:*:*:*",
"matchCriteriaId": "42545A63-B5CA-4668-8AD0-4D341AEBE531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:10.50:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC2D47A-E969-4E42-95DB-34859638DEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2018.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE62C5B-6464-4096-9324-5A9CCCFFECAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2018.08:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECF3470-B13E-4CBB-A853-07879D98EE1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_automation:2018.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6814B971-E024-4096-86C3-8D4EA13FBE39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:network_operations_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117AE41F-8187-4FFC-83B4-61F934365C0E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution."
},
{
"lang": "es",
"value": "Se ha identificado una potencial vulnerabilidad de seguridad en las versiones de Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11 y en todas las versiones de Micro Focus Network Operations Management (NOM). La vulnerabilidad podr\u00eda ser explotada remotamente para la Ejecuci\u00f3n Remota de C\u00f3digo."
}
],
"id": "CVE-2019-3493",
"lastModified": "2024-11-21T04:42:08.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-29T16:29:00.733",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03407763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03407763"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}