PT-2019-12461 · Micro Focus+1 · Content Manager+1

Published

2019-08-29

Updated

2019-08-30

CVE-2019-11658

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Micro Focus Content Manager versions 9.1 through 9.3

Description The issue allows valid system users to access a limited subset of records they would not normally be able to access when the system is in an abnormal state. This occurs when the system is configured to use an Oracle database.

Recommendations For versions 9.1 through 9.3, consider restricting access to sensitive records until a fix is available. As a temporary workaround, review system configurations and user permissions to minimize the risk of unauthorized access.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-11658

Affected Products

Content Manager

Oracle Database

PT-2019-12461 · Micro Focus+1 · Content Manager+1

CVE-2019-11658

Weakness Enumeration

Related Identifiers

Affected Products

References · 3