Filtered by vendor Microfocus
Subscribe
Total
237 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11838 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | |||||
| CVE-2020-11849 | 1 Microfocus | 1 Identity Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. | |||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | |||||
| CVE-2020-11844 | 1 Microfocus | 1 Service Management Automation | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | |||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | |||||
| CVE-2020-11845 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-11852 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. | |||||
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | |||||
| CVE-2020-11839 | 1 Microfocus | 1 Arcsight Logger | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | |||||
| CVE-2019-17085 | 1 Microfocus | 1 Operations Agent | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent. | |||||
| CVE-2019-11674 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | |||||
| CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack. | |||||
| CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | |||||
| CVE-2019-11651 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. | |||||
| CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | |||||
| CVE-2018-19644 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
| CVE-2019-11652 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. | |||||