Filtered by vendor Microfocus
Subscribe
Total
209 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2021-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | |||||
CVE-2021-22521 | 1 Microfocus | 2 Zenworks Configuration Management, Zenworks Endpoint Security Management | 2021-08-10 | 7.2 HIGH | 6.7 MEDIUM |
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. | |||||
CVE-2021-22523 | 1 Microfocus | 1 Verastream Host Integrator | 2021-08-02 | 6.8 MEDIUM | 7.6 HIGH |
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions. | |||||
CVE-2021-22522 | 1 Microfocus | 1 Verastream Host Integrator | 2021-08-02 | 6.8 MEDIUM | 7.1 HIGH |
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. | |||||
CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | |||||
CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | |||||
CVE-2020-25838 | 1 Microfocus | 1 Filr | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | |||||
CVE-2020-11856 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. | |||||
CVE-2019-11663 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 4.9 MEDIUM | 5.4 MEDIUM |
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | |||||
CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | |||||
CVE-2019-3476 | 1 Microfocus | 1 Data Protector | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | |||||
CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | |||||
CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | |||||
CVE-2020-11852 | 1 Microfocus | 1 Secure Messaging Gateway | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command. | |||||
CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | |||||
CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | |||||
CVE-2020-11849 | 1 Microfocus | 1 Identity Manager | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. |