Filtered by vendor Microfocus
Subscriptions
Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11854 | 1 Microfocus | 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more | 2024-08-04 | 9.8 Critical |
| Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution. | ||||
| CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-08-04 | 9.8 Critical |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | ||||
| CVE-2020-11841 | 1 Microfocus | 1 Arcsight Management Center | 2024-08-04 | 4.3 Medium |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | ||||
| CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-08-04 | 7.8 High |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | ||||
| CVE-2020-11845 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 6.1 Medium |
| Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 5.3 Medium |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | ||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-08-04 | 5.4 Medium |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | ||||
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2024-08-04 | 8.8 High |
| An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | ||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-08-04 | 8.8 High |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | ||||
| CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-08-04 | 5.4 Medium |
| Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | ||||
| CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 5.3 Medium |
| HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | ||||
| CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 5.4 Medium |
| There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | ||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2024-08-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||||
| CVE-2021-38130 | 1 Microfocus | 1 Voltage Securemail | 2024-08-04 | 6.5 Medium |
| A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | ||||
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-08-04 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-08-04 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38125 | 1 Microfocus | 1 Operations Bridge | 2024-08-04 | 9.8 Critical |
| Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution. | ||||
| CVE-2021-38124 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-08-04 | 9.8 Critical |
| Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. | ||||
| CVE-2021-38129 | 1 Microfocus | 1 Operations Agent | 2024-08-04 | 3.3 Low |
| Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. | ||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2024-08-04 | 6.1 Medium |
| Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | ||||