CVE-2019-11658 Information

Description

Information exposure in Micro Focus Content Manager versions 9.1 9.2 and 9.3. This vulnerability when configured to use an Oracle database allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://softwaresupport.softwaregrp.com/doc/KM03496282

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3