OpenCVE

Filtered by vendor Microfocus Subscriptions

Total 248 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-22516	1 Microfocus	1 Secure Api Manager	2024-11-21	7.5 High
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
CVE-2021-22515	1 Microfocus	1 Netiq Advanced Authentication	2024-11-21	4.8 Medium
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
CVE-2021-22514	1 Microfocus	1 Application Performance Management	2024-11-21	9.8 Critical
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
CVE-2021-22513	1 Microfocus	1 Application Automation Tools	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.
CVE-2021-22512	1 Microfocus	1 Application Automation Tools	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.
CVE-2021-22511	1 Microfocus	1 Application Automation Tools	2024-11-21	6.5 Medium
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.
CVE-2021-22510	1 Microfocus	1 Application Automation Tools	2024-11-21	6.1 Medium
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions.
CVE-2021-22507	1 Microfocus	1 Operations Bridge Manager	2024-11-21	9.8 Critical
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access.
CVE-2021-22506	1 Microfocus	1 Access Manager	2024-11-21	7.5 High
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
CVE-2021-22505	1 Microfocus	1 Operations Agent	2024-11-21	9.8 Critical
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
CVE-2021-22504	1 Microfocus	1 Operations Bridge Manager	2024-11-21	9.8 Critical
Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server.
CVE-2021-22502	1 Microfocus	1 Operation Bridge Reporter	2024-11-21	9.8 Critical
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
CVE-2021-22500	1 Microfocus	1 Application Performance Management	2024-11-21	6.5 Medium
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.
CVE-2021-22499	1 Microfocus	1 Application Performance Management	2024-11-21	4.8 Medium
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
CVE-2021-22498	1 Microfocus	1 Application Lifecycle Management	2024-11-21	8.1 High
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
CVE-2021-22497	1 Microfocus	1 Netiq Advanced Authentication	2024-11-21	3.8 Low
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
CVE-2021-22496	1 Microfocus	1 Access Manager	2024-11-21	7.5 High
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
CVE-2020-9524	1 Microfocus	2 Enterprise Developer, Enterprise Server	2024-11-21	5.4 Medium
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).
CVE-2020-9523	1 Microfocus	2 Enterprise Developer, Enterprise Server	2024-11-21	8.8 High
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
CVE-2020-9522	1 Microfocus	1 Arcsight Enterprise Security Manager Express	2024-11-21	6.1 Medium
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.

« first previous Page 3 of 13. next last »