Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-17085
CVE-2019-17085:
Micro Focus Operations Agent vulnerability analysis and mitigation
Overview
CVE-2019-17085 is an XXE (XML External Entity) attack vulnerability discovered in Micro Focus Operations Agent, affecting versions 12.0 through 12.11. The vulnerability was disclosed on October 2, 2019, and officially published on November 18, 2019 (CVE MITRE, NVD).
Technical details
The vulnerability allows potential XXE attacks on Operations Agent. According to the CVSS scoring, it received a CVSS v3.0 Base Score of 6.5 (MEDIUM) with vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and a CVSS v2.0 Base Score of 7.8 with vector (AV:N/AC:L/Au:N/C:N/I:N/A:C) (Micro Focus Advisory).
Impact
The vulnerability could be exploited to perform XXE attacks on Operations Agent, potentially leading to high availability impact on the affected systems (Micro Focus Advisory).
Mitigation and workarounds
Micro Focus has provided mitigation information for affected versions. The recommended solution is to set the configuration DISABLEEXTENTITIES under xpl.net namespace to TRUE using the command: ovconfchg -ns xpl.net -set DISABLEEXTENTITIES TRUE (Micro Focus Advisory).
Additional resources
Source: This report was generated using AI
Related Micro Focus Operations Agent vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management