Filtered by vendor Microfocus
Subscribe
Total
247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack. | |||||
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | |||||
| CVE-2019-11653 | 1 Microfocus | 1 Content Manager | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. | |||||
| CVE-2019-11652 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. | |||||
| CVE-2019-11651 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. | |||||
| CVE-2019-11650 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. | |||||
| CVE-2019-11649 | 1 Microfocus | 1 Fortify Software Security Center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser. | |||||
| CVE-2019-11647 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | |||||
| CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | |||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | |||||
| CVE-2018-7691 | 1 Microfocus | 1 Fortify Software Security Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7690 | 1 Microfocus | 1 Fortify Software Security Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | |||||
| CVE-2018-7687 | 1 Microfocus | 1 Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | |||||
| CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | |||||
| CVE-2018-7683 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | |||||
| CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | |||||
| CVE-2018-7681 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. | |||||
| CVE-2018-7680 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | |||||
| CVE-2018-7679 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. | |||||
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2024-11-21 | 3.5 LOW | 2.8 LOW |
| In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | |||||