Vulnerabilities (CVE)

Filtered by vendor Microfocus Subscribe
Total 242 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11850 1 Microfocus 1 Netiq Self Service Password Reset 2024-08-23 N/A 6.1 MEDIUM
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
CVE-2021-22506 1 Microfocus 1 Access Manager 2024-07-26 5.0 MEDIUM 7.5 HIGH
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
CVE-2021-22502 1 Microfocus 1 Operation Bridge Reporter 2024-07-25 10.0 HIGH 9.8 CRITICAL
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
CVE-2023-32268 1 Microfocus 1 Filr 2024-02-05 N/A 7.2 HIGH
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
CVE-2020-25835 1 Microfocus 1 Arcsight Management Center 2024-02-05 N/A 5.4 MEDIUM
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).
CVE-2023-32267 1 Microfocus 1 Arcsight Management Center 2024-02-05 N/A 8.8 HIGH
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.
CVE-2023-32262 1 Microfocus 1 Dimensions Cm 2024-02-05 N/A 6.5 MEDIUM
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-32263 1 Microfocus 1 Dimensions Cm 2024-02-05 N/A 5.7 MEDIUM
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2023-32265 1 Microfocus 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more 2024-02-05 N/A 6.5 MEDIUM
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.
CVE-2022-38754 1 Microfocus 2 Operations Bridge, Operations Bridge Manager 2024-02-04 N/A 5.4 MEDIUM
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.
CVE-2022-38755 1 Microfocus 1 Filr 2024-02-04 N/A 5.3 MEDIUM
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
CVE-2022-38753 1 Microfocus 1 Netiq Advanced Authentication 2024-02-04 N/A 6.3 MEDIUM
This update resolves a multi-factor authentication bypass attack
CVE-2022-38756 1 Microfocus 1 Groupwise 2024-02-04 N/A 4.3 MEDIUM
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
CVE-2022-26330 1 Microfocus 1 Arcsight Logger 2024-02-04 N/A 7.5 HIGH
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.
CVE-2022-26331 1 Microfocus 1 Arcsight Logger 2024-02-04 N/A 6.1 MEDIUM
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.
CVE-2021-22531 1 Microfocus 1 Access Manager 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
CVE-2021-38125 1 Microfocus 1 Operations Bridge 2024-02-04 6.8 MEDIUM 9.8 CRITICAL
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
CVE-2022-26326 1 Microfocus 1 Netiq Access Manager 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
CVE-2022-26325 1 Microfocus 1 Netiq Access Manager 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2
CVE-2021-22535 1 Microfocus 1 Netiq Directory And Resource Administrator 2024-02-04 2.7 LOW 4.9 MEDIUM
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.