CVE-2019-11653

Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.

Published: Aug 7, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11653
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microfocus / content_manager	9.1.0-patch6_hotfix1	9.1.0-patch6_hotfix1.x
microfocus / content_manager	9.1.0-patch6_hotfix2	9.1.0-patch6_hotfix2.x
microfocus / content_manager	9.1.0-patch6_hotfix3	9.1.0-patch6_hotfix3.x
microfocus / content_manager	9.1.0-patch6_hotfix4	9.1.0-patch6_hotfix4.x
microfocus / content_manager	9.1.0-patch6_hotfix5	9.1.0-patch6_hotfix5.x
microfocus / content_manager	9.2.0-patch3_hotfix1	9.2.0-patch3_hotfix1.x
microfocus / content_manager	9.3.0-patch2_hotfix1	9.3.0-patch2_hotfix1.x
microfocus / content_manager	9.3.0-patch2_hotfix2	9.3.0-patch2_hotfix2.x

Vulnerability Database

289,599

CVE-2019-11653