CVE-2018-19644 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Affected Products (NVD)

Vendor	Product	Version
microfocus	solutions_business_manager	𝑥 < 11.5

𝑥

= Vulnerable software versions

openSUSE / SLES Releases

openSUSE Product

Release

libjpeg62

suse enterprise desktop 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise desktop 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise desktop 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise desktop 15 SP7	62.3.0-150600.22.3 fixed
suse enterprise sap 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise sap 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise sap 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise sap 15 SP7	62.3.0-150600.22.3 fixed
suse enterprise server 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise server 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise server 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise server 15 SP7	62.3.0-150600.22.3 fixed

libjpeg62-devel

suse enterprise desktop 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise desktop 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise desktop 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise desktop 15 SP7	62.3.0-150600.22.3 fixed
suse enterprise sap 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise sap 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise sap 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise sap 15 SP7	62.3.0-150600.22.3 fixed
suse enterprise server 15 SP4	62.3.0-150400.15.7 fixed
suse enterprise server 15 SP5	62.3.0-150400.15.7 fixed
suse enterprise server 15 SP6	62.3.0-150600.22.3 fixed
suse enterprise server 15 SP7	62.3.0-150600.22.3 fixed

libjpeg8

suse enterprise desktop 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise desktop 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP7	8.2.2-150600.22.5 fixed

libjpeg8-32bit

suse enterprise desktop 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise desktop 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP7	8.2.2-150600.22.5 fixed

libjpeg8-devel

suse enterprise desktop 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise desktop 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP7	8.2.2-150600.22.5 fixed

libturbojpeg0

suse enterprise desktop 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise desktop 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise desktop 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise sap 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise sap 15 SP7	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP4	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP5	8.2.2-150400.15.9 fixed
suse enterprise server 15 SP6	8.2.2-150600.22.5 fixed
suse enterprise server 15 SP7	8.2.2-150600.22.5 fixed

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm

http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm