Filtered by vendor Microfocus
Subscribe
Total
235 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | |||||
CVE-2009-5153 | 1 Microfocus | 1 Netware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | |||||
CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | |||||
CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | |||||
CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | |||||
CVE-2018-6486 | 1 Microfocus | 2 Fortify Audit Workbench, Fortify Software Security Center | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection. | |||||
CVE-2018-7680 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | |||||
CVE-2018-6491 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-02-04 | 7.2 HIGH | 9.8 CRITICAL |
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. | |||||
CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | |||||
CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | |||||
CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | |||||
CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | |||||
CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | |||||
CVE-2018-6487 | 1 Microfocus | 1 Universal Cmdb Foundation Software | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information. | |||||
CVE-2017-9285 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | |||||
CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||
CVE-2018-7687 | 1 Microfocus | 1 Client | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | |||||
CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | |||||
CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2024-02-04 | 3.5 LOW | 5.3 MEDIUM |
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. |