Vulnerabilities > Microfocus > CMS Server

DATE CVE VULNERABILITY TITLE RISK
2018-06-16 CVE-2018-6497 Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
network
low complexity
microfocus CWE-502
8.8
8.8
2018-05-23 CVE-2018-6495 Cross-site Scripting vulnerability in Microfocus CMS Server, Universal Cmdb and Universal Cmdb Browser
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1.
network
low complexity
microfocus CWE-79
5.4
5.4