Micro Focus Verastream Host Integrator up to 7.8.49/7.8.0.49 information disclosure

Summaryinfo

A vulnerability labeled as problematic has been found in Micro Focus Verastream Host Integrator up to 7.8.49/7.8.0.49. This vulnerability affects unknown code. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2020-11842. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability has been found in Micro Focus Verastream Host Integrator up to 7.8.49/7.8.0.49 and classified as problematic. This vulnerability affects an unknown part. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view.

The weakness was released 05/04/2020. This vulnerability was named CVE-2020-11842 since 04/16/2020. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1592.

Upgrading eliminates this vulnerability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Micro Focus

Name

• Verastream Host Integrator

Version

• 7.8.0
• 7.8.0.0
• 7.8.0.1
• 7.8.0.2
• 7.8.0.3
• 7.8.0.4
• 7.8.0.5
• 7.8.0.6
• 7.8.0.7
• 7.8.0.8
• 7.8.0.9
• 7.8.0.10
• 7.8.0.11
• 7.8.0.12
• 7.8.0.13
• 7.8.0.14
• 7.8.0.15
• 7.8.0.16
• 7.8.0.17
• 7.8.0.18
• 7.8.0.19
• 7.8.0.20
• 7.8.0.21
• 7.8.0.22
• 7.8.0.23
• 7.8.0.24
• 7.8.0.25
• 7.8.0.26
• 7.8.0.27
• 7.8.0.28
• 7.8.0.29
• 7.8.0.30
• 7.8.0.31
• 7.8.0.32
• 7.8.0.33
• 7.8.0.34
• 7.8.0.35
• 7.8.0.36
• 7.8.0.37
• 7.8.0.38
• 7.8.0.39
• 7.8.0.40
• 7.8.0.41
• 7.8.0.42
• 7.8.0.43
• 7.8.0.44
• 7.8.0.45
• 7.8.0.46
• 7.8.0.47
• 7.8.0.48
• 7.8.0.49
• 7.8.1
• 7.8.2
• 7.8.3
• 7.8.4
• 7.8.5
• 7.8.6
• 7.8.7
• 7.8.8
• 7.8.9
• 7.8.10
• 7.8.11
• 7.8.12
• 7.8.13
• 7.8.14
• 7.8.15
• 7.8.16
• 7.8.17
• 7.8.18
• 7.8.19
• 7.8.20
• 7.8.21
• 7.8.22
• 7.8.23
• 7.8.24
• 7.8.25
• 7.8.26
• 7.8.27
• 7.8.28
• 7.8.29
• 7.8.30
• 7.8.31
• 7.8.32
• 7.8.33
• 7.8.34
• 7.8.35
• 7.8.36
• 7.8.37
• 7.8.38
• 7.8.39
• 7.8.40
• 7.8.41
• 7.8.42
• 7.8.43
• 7.8.44
• 7.8.45
• 7.8.46
• 7.8.47
• 7.8.48
• 7.8.49

License

• commercial

Website

• Vendor: https://www.microfocus.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion