CVE-2019-11649

Published Jun 19, 2019

Last updated a year ago

CVSS medium 5.4

Overview

Description: Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
Source: security@opentext.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:17.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C7A916C-864C-417B-BD1C-196969B7CB73"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C50F47D5-AAFA-4CF4-925F-7B167065C05B"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:fortify_software_security_center:18.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BB63643-0C3E-4764-B84B-B8FC63BC9E6A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References