Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microfocus Subscribe
Total 209 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-11651 1 Microfocus 2 Enterprise Developer, Enterprise Server 2019-10-10 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
CVE-2018-7690 1 Microfocus 1 Fortify Software Security Center 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-7691 1 Microfocus 1 Fortify Software Security Center 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-7687 1 Microfocus 1 Client 2019-10-09 4.6 MEDIUM 7.8 HIGH
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
CVE-2018-6491 1 Microfocus 1 Ucmdb Configuration Manager 2019-10-09 7.2 HIGH 9.8 CRITICAL
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.
CVE-2018-6499 1 Microfocus 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more 2019-10-09 7.5 HIGH 9.8 CRITICAL
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
CVE-2018-6498 1 Microfocus 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more 2019-10-09 7.5 HIGH 9.8 CRITICAL
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
CVE-2018-6488 1 Microfocus 1 Ucmdb Configuration Manager 2019-10-09 7.5 HIGH 9.8 CRITICAL
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
CVE-2018-6487 1 Microfocus 1 Universal Cmdb Foundation Software 2019-10-09 5.0 MEDIUM 7.5 HIGH
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.
CVE-2018-6486 1 Microfocus 2 Fortify Audit Workbench, Fortify Software Security Center 2019-10-09 7.5 HIGH 9.8 CRITICAL
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE) injection.
CVE-2018-19641 1 Microfocus 1 Solutions Business Manager 2019-10-09 7.5 HIGH 9.8 CRITICAL
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-19643 1 Microfocus 1 Solutions Business Manager 2019-10-09 5.0 MEDIUM 7.5 HIGH
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-19644 1 Microfocus 1 Solutions Business Manager 2019-10-09 4.3 MEDIUM 6.1 MEDIUM
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-19642 1 Microfocus 1 Solutions Business Manager 2019-10-09 5.0 MEDIUM 7.5 HIGH
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2018-18591 1 Microfocus 1 Service Manager 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.
CVE-2018-18590 1 Microfocus 1 Operations Bridge 2019-10-09 5.8 MEDIUM 8.8 HIGH
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
CVE-2018-12468 1 Microfocus 1 Groupwise 2019-10-09 6.5 MEDIUM 7.2 HIGH
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
CVE-2018-12464 1 Microfocus 1 Secure Messaging Gateway 2019-10-09 7.5 HIGH 9.8 CRITICAL
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CVE-2018-12465 1 Microfocus 1 Secure Messaging Gateway 2019-10-09 9.0 HIGH 7.2 HIGH
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
CVE-2018-12469 1 Microfocus 2 Enterprise Developer, Enterprise Server 2019-10-09 5.0 MEDIUM 7.5 HIGH
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.