Filtered by vendor Microfocus
Total: 68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2019-10-09 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2018-12469 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | |||||
| CVE-2017-7423 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. | |||||
| CVE-2017-5187 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | |||||
| CVE-2017-14361 | 1 Microfocus | 1 Project And Portfolio Management | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | |||||
| CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2019-10-09 | 6.8 MEDIUM | 7.3 HIGH |
| Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | |||||
| CVE-2018-17950 | 1 Microfocus | 1 Edirectory | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | |||||
| CVE-2017-14355 | 1 Microfocus | 1 Connected Backup | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | |||||
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2019-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | |||||
| CVE-2016-1600 | 1 Microfocus | 1 Identity Manager | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2019-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2016-9166 | 1 Microfocus | 1 Netiq Edirectory | 2019-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. | |||||
| CVE-2017-5185 | 1 Microfocus | 1 Sentinel | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | |||||
| CVE-2016-1991 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2018-10-17 | 6.0 MEDIUM | 8.0 HIGH |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | |||||
| CVE-2016-1990 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2018-10-17 | 4.3 MEDIUM | 7.8 HIGH |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | |||||
| CVE-2017-9272 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2017-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | |||||
| CVE-2017-9281 | 1 Microfocus | 1 Visibroker | 2017-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | |||||
| CVE-2016-5764 | 1 Microfocus | 1 Rumba Ftp | 2017-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server. | |||||
