VYPR
← All advisories
Unrated severityNVD Advisory· Published May 22, 2018· Updated Sep 17, 2024

MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

CVE-2018-6493

Description

SQL injection in HP Network Operations Management Ultimate and Network Automation allows remote attackers to execute arbitrary SQL commands.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in HP Network Operations Management Ultimate and Network Automation allows remote attackers to execute arbitrary SQL commands.

Vulnerability

SQL injection vulnerability exists in HP Network Operations Management Ultimate versions 2017.07, 2017.11, 2018.02 and Network Automation versions 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. The flaw allows injection of SQL commands via specially crafted input [1].

Exploitation

An attacker can remotely exploit this vulnerability without authentication, sending crafted HTTP requests to inject SQL statements [1].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion [1].

Mitigation

Micro Focus has released a security bulletin (KM03158014) with patches. Users should update to the latest fixed versions as per vendor instructions [1].

References
  1. HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3

News mentions

0

No linked articles in our index yet.