Filtered by vendor Microfocus
Subscribe
Search
Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2023-12-12 | N/A | 5.4 MEDIUM |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | |||||
| CVE-2023-32268 | 1 Microfocus | 1 Filr | 2023-12-12 | N/A | 7.2 HIGH |
| Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | |||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2023-11-16 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | |||||
| CVE-2023-32267 | 1 Microfocus | 1 Arcsight Management Center | 2023-08-21 | N/A | 8.8 HIGH |
| A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. | |||||
| CVE-2021-38130 | 1 Microfocus | 1 Voltage Securemail | 2023-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | |||||
| CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2023-08-08 | N/A | 6.3 MEDIUM |
| This update resolves a multi-factor authentication bypass attack | |||||
| CVE-2022-26330 | 1 Microfocus | 1 Arcsight Logger | 2023-08-08 | N/A | 7.5 HIGH |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | |||||
| CVE-2023-32265 | 1 Microfocus | 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more | 2023-07-31 | N/A | 6.5 MEDIUM |
| A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information. | |||||
| CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-32262 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-32263 | 1 Microfocus | 1 Dimensions Cm | 2023-07-28 | N/A | 5.7 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2021-22514 | 1 Microfocus | 1 Application Performance Management | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM. | |||||
| CVE-2021-22519 | 1 Microfocus | 1 Sitescope | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope. | |||||
| CVE-2021-22517 | 1 Microfocus | 1 Data Protector | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data. | |||||
| CVE-2021-22505 | 1 Microfocus | 1 Operations Agent | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. | |||||
| CVE-2021-22506 | 1 Microfocus | 1 Access Manager | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. | |||||
| CVE-2021-22502 | 1 Microfocus | 1 Operation Bridge Reporter | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. | |||||
| CVE-2021-22525 | 1 Microfocus | 1 Access Manager | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 | |||||
| CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2022-07-12 | 2.1 LOW | 3.3 LOW |
| Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | |||||
| CVE-2021-22531 | 1 Microfocus | 1 Access Manager | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 | |||||
| CVE-2022-26325 | 1 Microfocus | 1 Netiq Access Manager | 2022-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 | |||||
| CVE-2022-26326 | 1 Microfocus | 1 Netiq Access Manager | 2022-05-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 | |||||
| CVE-2020-11854 | 1 Microfocus | 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more | 2022-04-26 | 10.0 HIGH | 9.8 CRITICAL |
| Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution. | |||||
| CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | |||||
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2022-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | |||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 19 Mesos, Ubuntu Linux, Dc\/os and 16 more | 2021-12-16 | 9.3 HIGH | 8.6 HIGH |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | |||||
| CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2021-11-03 | 2.7 LOW | 3.5 LOW |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | |||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2021-10-19 | 5.2 MEDIUM | 8.0 HIGH |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | |||||
| CVE-2021-22535 | 1 Microfocus | 1 Netiq Directory And Resource Administrator | 2021-10-07 | 2.7 LOW | 4.9 MEDIUM |
| Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. | |||||
| CVE-2021-38124 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2021-10-01 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. | |||||
| CVE-2021-22527 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-22526 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-22524 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-22528 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 3.5 LOW | 5.4 MEDIUM |
| Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2021-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | |||||
| CVE-2021-22521 | 1 Microfocus | 2 Zenworks Configuration Management, Zenworks Endpoint Security Management | 2021-08-10 | 7.2 HIGH | 6.7 MEDIUM |
| A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. | |||||
| CVE-2021-22523 | 1 Microfocus | 1 Verastream Host Integrator | 2021-08-02 | 6.8 MEDIUM | 7.6 HIGH |
| XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions. | |||||
| CVE-2021-22522 | 1 Microfocus | 1 Verastream Host Integrator | 2021-08-02 | 6.8 MEDIUM | 7.1 HIGH |
| Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. | |||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | |||||
| CVE-2019-3476 | 1 Microfocus | 1 Data Protector | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | |||||
| CVE-2020-11852 | 1 Microfocus | 1 Secure Messaging Gateway | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. | |||||
| CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | |||||
| CVE-2020-11849 | 1 Microfocus | 1 Identity Manager | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. | |||||
| CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | |||||
| CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | |||||
| CVE-2020-25838 | 1 Microfocus | 1 Filr | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | |||||
| CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
| CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2020-11841 | 1 Microfocus | 1 Arcsight Management Center | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
| CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | |||||