CVE-2019-18943 : Security Advisory and Response

Learn about CVE-2019-18943 affecting Micro Focus Solutions Business Manager. Upgrade to version 11.7.1 or later to mitigate the XML External Entity Processing vulnerability.

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.

Understanding CVE-2019-18943

Certain operations in Micro Focus Solutions Business Manager versions earlier than 11.7.1 can be exploited through XML External Entity Processing (XXE).

What is CVE-2019-18943?

CVE-2019-18943 is an XML External Entity Processing (XXE) vulnerability in Micro Focus Solutions Business Manager.

The Impact of CVE-2019-18943

The vulnerability has a CVSS base score of 6.1, with high confidentiality impact and low privileges required for exploitation.

Technical Details of CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are affected by this vulnerability.

Vulnerability Description

The vulnerability arises from improper restriction of XML External Entity Reference ('XXE').

Affected Systems and Versions

        Product: Solutions Business Manager
        Vendor: Micro Focus
        Versions Affected: < 11.7.1

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Adjacent Network
        User Interaction: Required

Mitigation and Prevention

Upgrade Micro Focus Solutions Business Manager to version 11.7.1 or later to mitigate the vulnerability.

Immediate Steps to Take

        Upgrade SBM to version 11.7.1 or above.
        Monitor vendor security bulletins for updates.

Long-Term Security Practices

        Regularly update software and apply security patches.
        Implement secure coding practices to prevent XXE vulnerabilities.
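
One way to apply the secure coding practice above to code that accepts XML from users, shown as an added example using Python's standard library; it is not Micro Focus code and not taken from the advisory. The function names and sample documents are hypothetical and constructed for illustration. The guard refuses any document that carries a DOCTYPE or entity declaration, which are the constructs XXE depends on, before the tree is built.

```python
"""Added illustration: refuse DTDs and entities in untrusted XML before parsing."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document uses a construct that XXE depends on."""


def _no_doctype(name, system_id, public_id, has_internal_subset):
    raise ForbiddenXML(f"DOCTYPE declaration for {name!r} is not allowed")


def _no_entity_decl(name, is_param, value, base, system_id, public_id, notation):
    raise ForbiddenXML(f"entity declaration {name!r} is not allowed")


def _no_external_ref(context, base, system_id, public_id):
    raise ForbiddenXML(f"external entity reference to {system_id!r} is not allowed")


def parse_untrusted(data: bytes) -> ET.Element:
    """Return the root element, or raise ForbiddenXML / expat.ExpatError."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _no_doctype
    guard.EntityDeclHandler = _no_entity_decl
    guard.ExternalEntityRefHandler = _no_external_ref
    guard.Parse(data, True)       # first pass: structure check only, nothing is fetched
    return ET.fromstring(data)    # second pass: build the tree from a vetted document


def is_rejected(data: bytes) -> bool:
    """True when the guard refuses the document because of a DTD or entity."""
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not taken from the product or the advisory).
PLAIN = b"<ticket><title>printer offline</title></ticket>"
WITH_DTD = b'<!DOCTYPE ticket SYSTEM "ticket.dtd"><ticket/>'
WITH_ENTITY = (b'<!DOCTYPE ticket [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
               b"<ticket><title>&ext;</title></ticket>")

if __name__ == "__main__":
    for label, doc in [("plain", PLAIN), ("dtd", WITH_DTD), ("entity", WITH_ENTITY)]:
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Rejecting every DOCTYPE is stricter than only disabling external entity resolution, so it suits inputs that never legitimately need a DTD.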

Patching and Updates

Ensure timely installation of security patches and updates provided by Micro Focus.
