Filtered by vendor Microfocus
Subscribe
Total
247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5930 | 1 Microfocus | 1 Privileged User Manager | 2024-11-21 | 6.4 MEDIUM | N/A |
| The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request. | |||||
| CVE-2012-0432 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-0430 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors. | |||||
| CVE-2012-0429 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 4.0 MEDIUM | N/A |
| dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request. | |||||
| CVE-2012-0428 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-7127 | 1 Microfocus | 1 Visibroker | 2024-11-21 | 5.0 MEDIUM | N/A |
| osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled. | |||||
| CVE-2008-7126 | 1 Microfocus | 1 Visibroker | 2024-11-21 | 10.0 HIGH | N/A |
| Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow. | |||||
| CVE-2001-0208 | 1 Microfocus | 1 Cobol | 2024-11-20 | 4.6 MEDIUM | N/A |
| MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. | |||||
| CVE-2024-9841 | 1 Microfocus | 2 Arcsight Management Center, Arcsight Platform | 2024-11-13 | N/A | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | |||||
| CVE-2020-11859 | 1 Microfocus | 1 Imanager | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | |||||
| CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2024-10-29 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2024-4211 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 2.4 LOW |
| Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||
| CVE-2024-4692 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 2.4 LOW |
| Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||
| CVE-2024-4690 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||
| CVE-2024-4184 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||
| CVE-2024-4189 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
| Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | |||||
| CVE-2024-4554 | 1 Microfocus | 1 Netiq Access Manager | 2024-09-19 | N/A | 5.4 MEDIUM |
| Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. | |||||
| CVE-2021-22503 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 6.1 MEDIUM |
| Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. | |||||
| CVE-2021-22533 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 9.1 CRITICAL |
| Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | |||||
| CVE-2021-22532 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 7.5 HIGH |
| Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | |||||