CVE Vulnerability

CVE-2020-9517

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.

4.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://softwaresupport.softwaregrp.com/doc/KM03604692 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:microfocus:service_manager:9.50:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:service_manager:9.60:-:*:*:*:*:*:*
Information

Published : 2020-03-09 04:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-9517

Mitre link : CVE-2020-9517

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames