Filtered by vendor Microfocus
Subscribe
Total
224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2024-09-04 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. | |||||
| CVE-2020-11847 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.8 HIGH |
| SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. | |||||
| CVE-2020-11846 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.5 HIGH |
| A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. | |||||
| CVE-2020-11850 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-23 | N/A | 6.1 MEDIUM |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | |||||
| CVE-2021-22506 | 1 Microfocus | 1 Access Manager | 2024-07-26 | 5.0 MEDIUM | 7.5 HIGH |
| Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. | |||||
| CVE-2021-22502 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. | |||||
| CVE-2023-32268 | 1 Microfocus | 1 Filr | 2024-02-28 | N/A | 7.2 HIGH |
| Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. | |||||
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | N/A | 5.4 MEDIUM |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | |||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-02-28 | N/A | 6.1 MEDIUM |
| Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | |||||
| CVE-2023-32267 | 1 Microfocus | 1 Arcsight Management Center | 2024-02-28 | N/A | 8.8 HIGH |
| A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. | |||||
| CVE-2023-32263 | 1 Microfocus | 1 Dimensions Cm | 2024-02-28 | N/A | 5.7 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-32262 | 1 Microfocus | 1 Dimensions Cm | 2024-02-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-4501 | 1 Microfocus | 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. | |||||
| CVE-2023-32265 | 1 Microfocus | 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information. | |||||
| CVE-2023-32261 | 1 Microfocus | 1 Dimensions Cm | 2024-02-28 | N/A | 6.5 MEDIUM |
| A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ | |||||
| CVE-2023-24469 | 1 Microfocus | 1 Arcsight Logger | 2024-02-28 | N/A | 6.1 MEDIUM |
| Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 | |||||
| CVE-2023-24470 | 1 Microfocus | 1 Arcsight Logger | 2024-02-28 | N/A | 9.1 CRITICAL |
| Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. | |||||
| CVE-2022-38753 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-02-28 | N/A | 6.3 MEDIUM |
| This update resolves a multi-factor authentication bypass attack | |||||
| CVE-2022-38756 | 1 Microfocus | 1 Groupwise | 2024-02-28 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. | |||||
| CVE-2022-38757 | 1 Microfocus | 1 Zenworks | 2024-02-28 | N/A | 7.2 HIGH |
| A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. | |||||