CVE-2019-11651
high-risk
Published 2019-10-02
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
Do I need to act?
-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Enterprise Developer
Affected Vendors
52
/ 100
high-risk
Severity
23/34 · High
Exploitability
1/34 · Minimal
Exposure
28/34 · Critical