PT-2020-20711 · Micro Focus · Micro Focus Service Manager Automation

Published

2020-03-26

Updated

2020-03-30

CVE-2020-9521

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Micro Focus Service Manager Automation (SMA) versions 2018.02 through 2019.08

Description An SQL injection issue was discovered, potentially allowing the improper neutralization of special elements in SQL commands. This could make the product vulnerable to SQL injection.

Recommendations For versions 2018.02 through 2019.08, update to a version that includes a fix for the SQL injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-9521

Affected Products

Micro Focus Service Manager Automation

PT-2020-20711 · Micro Focus · Micro Focus Service Manager Automation

CVE-2020-9521

Weakness Enumeration

Related Identifiers

Affected Products

References · 4