Filtered by vendor Microfocus
Subscribe
Total
235 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22504 | 1 Microfocus | 1 Operations Bridge Manager | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server. | |||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | |||||
| CVE-2020-11860 | 1 Microfocus | 1 Arcsight Logger | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | |||||
| CVE-2019-18943 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.2 MEDIUM | 8.0 HIGH |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | |||||
| CVE-2020-25834 | 1 Microfocus | 1 Arcsight Logger | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | |||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | |||||
| CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 2.3 LOW | 4.8 MEDIUM |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | |||||
| CVE-2019-18942 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 2.3 LOW | 4.8 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | |||||
| CVE-2020-25833 | 1 Microfocus | 1 Idol | 2024-02-04 | 3.5 LOW | 4.8 MEDIUM |
| Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | |||||
| CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | |||||
| CVE-2020-11858 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. | |||||
| CVE-2020-11853 | 2 Hp, Microfocus | 7 Universal Cmbd Foundation, Application Performance Management, Data Center Automation and 4 more | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code. | |||||
| CVE-2021-22498 | 1 Microfocus | 1 Application Lifecycle Management | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. | |||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | |||||
| CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
| CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | |||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | |||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | |||||
| CVE-2020-11845 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-11848 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. | |||||