CVE-2018-7681

EUVD-2018-19397
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
microfocussolutions_business_manager
𝑥
< 11.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm
http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm