Micro Focus Email

Send E-mail

Self-Solve Knowledge Search

KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737.

KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737.

KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737.

KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737.
B-SL:100 HPSL:100 LIB4:false TYPE:reference HPTYPE:other ATT:0

Summary

Potential vulnerabilities have been identified in Service Manager: * Can be exploited to allow unauthorized access and modification of data. * Can be exploited in some special cases to allow information exposure through an error message. * Can be exploited to allow sensitive data exposure. * The vulnerability could be exploited to allow a denial of service and sensitive data exposure. * The vulnerability could be exploited to allow insecure deserialization of untrusted data.

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access and modification of data.

 

CVE References: CVE-2019-11661

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11661

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

6.7

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Applications):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01023

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited in some special cases to allow information exposure through an error message.

 

CVE References: CVE-2019-11662

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11662

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

2.6

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01013

 

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01014

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A vulnerability in a third-party embedded component was addressed by Service Manager. The vulnerability could be exploited to allow sensitive data exposure.

CVE References: CVE-2019-11663

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11663

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

6.7

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

For all versions we recommend to:

Upgrade to the latest SM 9.63

Package (Knowledge Management):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01024

 

Or you can upgrade to the latest patch of your specific version.

For version 9.30 - 9.35 please:

Upgrade to SM 9.35.P7 and above

Package (Knowledge Management):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01012

 

For version 9.40, 9.41 please:

Upgrade to SM 9.41.P8 and above

Package (Knowledge Management):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00997

 

For version 9.50 – 9.52 please:

Upgrade to SM 9.52.P5 and above

Package (Knowledge Management):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00987

 

For version 9.60 – 9.62 please:

Upgrade to SM 9.63 and above

Package (Knowledge Management):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01012


 

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Local Vulnerability>

 

VULNERABILITY SUMMARY

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow sensitive data exposure.

 

CVE References: CVE-2019-11664

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11664

CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

5.6

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

 

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Web Tier):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01015

 

 

Or you can upgrade to the latest patch of your specific version.

For version 9.30 - 9.35 please:

Upgrade to SM 9.35.P7 and above

                Package (Web Tier):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01010

 

For version 9.40, 9.41 please:

Upgrade to SM 9.41.P8 and above

                Package (Web Tier):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00994

 

For version 9.50 – 9.52 please:

Upgrade to SM 9.52.P5 and above             

Package (Web Tier):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00983

 

For version 9.60 – 9.62 please:

Upgrade to the latest Service Manager 9.63             

Package (Web Tier):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01015

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A vulnerability in an embedded third-party component was addressed by Service Manager. The vulnerability could be exploited to allow a denial of service and sensitive data exposure.

CVE References: CVE-2018-0732 and CVE-2018-0737

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2018-0732

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

5.0

CVE-2018-0737

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

4.3

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01013

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01014

 

Or you can upgrade to the latest patch of your specific version.

For version 9.30 - 9.35 please:

Upgrade to SM 9.35.P7 and above

Package (Server for AIX):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01004

Package (Server for HP Itanium):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01005

Package (Server for HP Itanium Server for Oracle 12c):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01006

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01007

Package (Server for Solaris):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01008

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01009

 

For version 9.40, 9.41 please:

Upgrade to SM 9.41.P8 and above

Package (Server for AIX):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00989

Package (Server for HP-UX/IA):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00990

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00991

Package (Server for Solaris):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00992

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00993

 

For version 9.50 – 9.52 please:

Upgrade to SM 9.52.P5 and above

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00981

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_00982

 

For version 9.60 – 9.62 please:

Upgrade to SM 9.63 and above

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01013

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01014

 

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow sensitive data exposure.

 

CVE References: CVE-2019-11665

 

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11665

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

6.7

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Server for Windows):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01013

Package (Server for Linux):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01014

 

 

SUPPORT COMMUNICATION - SECURITY BULLETIN

Potential Security Impact: <Remote Vulnerability>

 

VULNERABILITY SUMMARY

A vulnerability in an emdedded third-party component was addressed by Service Manager. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

 

CVE References: CVE-2019-11666

CVSS Version 3.0 and Version 2.0 Base Metrics

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2019-11666

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

3.7

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

X.X

RESOLUTION:

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Service Manager:

 

For all versions we recommend to:

Upgrade to the latest Service Manager 9.63

Package (Service Request Catalog):

https://softwaresupport.softwaregrp.com/doc/group/softwaresupport/search-result/-/facetsearch/document/LID/HPSM_01017

 

For all vulnerabilities above note the following:

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Service Manager: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62

 

Additional Information

Was this document helpful? Feedback