CVE-2019-18946 is a vulnerability in Micro Focus Solutions Business Manager
Published on February 26, 2021

Session fixation
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Products Associated with CVE-2019-18946

Want to know whenever a new CVE is published for Micro Focus Solutions Business Manager? stack.watch will email you.

Micro Focus Solutions Business Manager

Affected Versions

Micro Focus Solutions Business Manager Version < 11.7.1 is affected by CVE-2019-18946

Exploit Probability

EPSS

0.05%

Percentile

16.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.