CVE-2019-11658

EUVD-2019-3328
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
microfocuscontent_manager
9.1
microfocuscontent_manager
9.2
microfocuscontent_manager
9.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://softwaresupport.softwaregrp.com/doc/KM03496282
https://softwaresupport.softwaregrp.com/doc/KM03496282