Filtered by vendor Microfocus
Subscribe
Search
Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6499 | 1 Microfocus | 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | |||||
| CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
| CVE-2018-18590 | 1 Microfocus | 1 Operations Bridge | 2019-10-09 | 5.8 MEDIUM | 8.8 HIGH |
| A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | |||||
| CVE-2018-19641 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-19643 | 1 Microfocus | 1 Solutions Business Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | |||||
| CVE-2018-12469 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | |||||
| CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2019-10-09 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | |||||
| CVE-2017-9282 | 1 Microfocus | 1 Visibroker | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||||
| CVE-2017-9283 | 1 Microfocus | 1 Visibroker | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |||||
| CVE-2017-7422 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-7420 | 1 Microfocus | 3 Enterprise Developer, Enterprise Server, Enterprise Server Monitor And Control | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | |||||
| CVE-2017-7421 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | |||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | |||||
| CVE-2017-7423 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default. | |||||
| CVE-2017-5187 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | |||||
| CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2019-10-09 | 6.8 MEDIUM | 7.3 HIGH |
| Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | |||||
| CVE-2017-14363 | 1 Microfocus | 1 Operations Manager I | 2019-10-09 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | |||||
| CVE-2017-14361 | 1 Microfocus | 1 Project And Portfolio Management | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. | |||||
| CVE-2014-7885 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2019-10-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors. | |||||
| CVE-2013-4815 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2019-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-14355 | 1 Microfocus | 1 Connected Backup | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege. | |||||
| CVE-2017-9273 | 1 Microfocus | 2 Bi-directional Driver, Identity Manager | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | |||||
| CVE-2018-17950 | 1 Microfocus | 1 Edirectory | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | |||||
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2019-09-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2019-09-18 | 6.8 MEDIUM | 8.8 HIGH |
| Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | |||||
| CVE-2019-11658 | 1 Microfocus | 1 Content Manager | 2019-08-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | |||||
| CVE-2019-11647 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2019-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | |||||
| CVE-2015-6946 | 1 Microfocus | 1 Accurev | 2019-06-26 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the Reprise License Manager service in Borland AccuRev allow remote attackers to execute arbitrary code via the (1) akey or (2) actserver parameter to the activate_doit function or (3) licfile parameter to the service_startup_doit functionality. | |||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2019-06-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | |||||
| CVE-2016-1600 | 1 Microfocus | 1 Identity Manager | 2019-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability. | |||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2019-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2019-04-02 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2016-9166 | 1 Microfocus | 1 Netiq Edirectory | 2019-03-27 | 5.0 MEDIUM | 7.5 HIGH |
| NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. | |||||
| CVE-2017-5185 | 1 Microfocus | 1 Sentinel | 2019-03-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | |||||
| CVE-2017-5184 | 1 Microfocus | 1 Sentinel | 2019-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | |||||
| CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2019-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2019-01-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | |||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | |||||
| CVE-2018-12480 | 1 Microfocus | 1 Access Manager | 2018-12-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | |||||
| CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2018-12-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | |||||
| CVE-2009-5153 | 1 Microfocus | 1 Netware | 2018-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||||
| CVE-2015-6030 | 2 Hp, Microfocus | 7 Arcsight Command Center, Arcsight Connector Appliance, Arcsight Connectors and 4 more | 2018-10-17 | 7.2 HIGH | N/A |
| HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | |||||
| CVE-2016-1991 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2018-10-17 | 6.0 MEDIUM | 8.0 HIGH |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | |||||
| CVE-2016-1990 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2018-10-17 | 4.3 MEDIUM | 7.8 HIGH |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | |||||
| CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2018-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | |||||
| CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2018-03-12 | 3.5 LOW | 5.4 MEDIUM |
| A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | |||||