Filtered by vendor Microfocus
Subscriptions
Total
248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | ||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | ||||
| CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.3 Medium |
| HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | ||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.3 Medium |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | ||||
| CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.4 Medium |
| There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | ||||
| CVE-2020-25840 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 6.1 Medium |
| Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. | ||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | 9.8 Critical |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | ||||
| CVE-2020-25838 | 1 Microfocus | 1 Filr | 2024-11-21 | 6.5 Medium |
| Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | ||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2024-11-21 | 7.5 High |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | ||||
| CVE-2020-25835 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 5.9 Medium |
| A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | ||||
| CVE-2020-25834 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 5.4 Medium |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2020-25833 | 1 Microfocus | 1 Idol | 2024-11-21 | 4.8 Medium |
| Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. | ||||
| CVE-2020-25832 | 1 Microfocus | 1 Filr | 2024-11-21 | 5.4 Medium |
| Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. | ||||
| CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2024-11-21 | 7.8 High |
| Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | ||||
| CVE-2020-11860 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.1 Medium |
| Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | ||||
| CVE-2020-11858 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2024-11-21 | 7.8 High |
| Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. | ||||
| CVE-2020-11857 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-11-21 | 9.8 Critical |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user | ||||
| CVE-2020-11856 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-11-21 | 9.8 Critical |
| Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. | ||||
| CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2024-11-21 | 7.8 High |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | ||||
| CVE-2020-11854 | 1 Microfocus | 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more | 2024-11-21 | 9.8 Critical |
| Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution. | ||||