Filtered by vendor Microfocus
Subscriptions
Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | N/A |
| An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||||
| CVE-2017-5187 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2024-09-16 | N/A |
| A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | ||||
| CVE-2018-7687 | 1 Microfocus | 1 Client | 2024-09-16 | N/A |
| The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | ||||
| CVE-2017-7421 | 1 Microfocus | 4 Directory Server, Enterprise Developer, Enterprise Server and 1 more | 2024-09-16 | N/A |
| Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | ||||
| CVE-2012-5931 | 1 Microfocus | 1 Privileged User Manager | 2024-09-16 | N/A |
| Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname. | ||||
| CVE-2013-4815 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2019-18942 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | 5.5 Medium |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | ||||
| CVE-2017-7424 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-09-16 | N/A |
| A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default. | ||||
| CVE-2018-7680 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | ||||
| CVE-2018-12465 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-09-16 | N/A |
| An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5). | ||||
| CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | 4.9 Medium |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | ||||
| CVE-2017-7420 | 1 Microfocus | 3 Enterprise Developer, Enterprise Server, Enterprise Server Monitor And Control | 2024-09-16 | N/A |
| An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | ||||
| CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2024-09-16 | N/A |
| A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | ||||
| CVE-2018-12469 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-09-16 | N/A |
| Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | ||||
| CVE-2017-9283 | 1 Microfocus | 1 Visibroker | 2024-09-16 | N/A |
| An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | ||||
| CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2024-09-16 | N/A |
| A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | ||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-09-16 | N/A |
| Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | ||||
| CVE-2019-18943 | 1 Microfocus | 1 Solutions Business Manager | 2024-09-16 | 6.1 Medium |
| Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | ||||
| CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2024-09-16 | N/A |
| A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | ||||
| CVE-2012-0432 | 1 Microfocus | 1 Edirectory | 2024-09-16 | N/A |
| Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. | ||||