Filtered by vendor Microfocus
Subscribe
Total
234 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22498 | 1 Microfocus | 1 Application Lifecycle Management | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. | |||||
CVE-2020-11854 | 1 Microfocus | 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution. | |||||
CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 2.7 LOW | 3.5 LOW |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | |||||
CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
CVE-2021-22500 | 1 Microfocus | 1 Application Performance Management | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. | |||||
CVE-2020-11858 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. | |||||
CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | |||||
CVE-2020-25833 | 1 Microfocus | 1 Idol | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | |||||
CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 2.3 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | |||||
CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | |||||
CVE-2021-22499 | 1 Microfocus | 1 Application Performance Management | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. | |||||
CVE-2019-18943 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | |||||
CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | |||||
CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | |||||
CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
CVE-2020-11841 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
CVE-2020-11848 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. | |||||
CVE-2020-11838 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | |||||
CVE-2020-11849 | 1 Microfocus | 1 Identity Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. |