Filtered by vendor Microfocus
Subscribe
Total
235 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | |||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | |||||
| CVE-2019-11653 | 1 Microfocus | 1 Content Manager | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. | |||||
| CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | |||||
| CVE-2019-11661 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 6.5 MEDIUM | 8.3 HIGH |
| Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | |||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2019-11649 | 1 Microfocus | 1 Fortify Software Security Center | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser. | |||||
| CVE-2018-19641 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2016-9166 | 1 Microfocus | 1 Netiq Edirectory | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security. | |||||
| CVE-2019-11667 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. | |||||
| CVE-2019-11663 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2019-11665 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | |||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | |||||
| CVE-2019-11669 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | |||||
| CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2019-11652 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. | |||||
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | |||||
| CVE-2019-11658 | 1 Microfocus | 1 Content Manager | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | |||||