Filtered by vendor Microfocus Subscriptions
Total 248 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11657 1 Microfocus 1 Arcsight Logger 2024-11-21 8.8 High
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
CVE-2019-11654 1 Microfocus 1 Verastream Host Integrator 2024-11-21 7.5 High
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVE-2019-11653 1 Microfocus 1 Content Manager 2024-11-21 N/A
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
CVE-2019-11652 1 Microfocus 1 Netiq Self Service Password Reset 2024-11-21 N/A
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
CVE-2019-11651 1 Microfocus 2 Enterprise Developer, Enterprise Server 2024-11-21 6.1 Medium
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
CVE-2019-11650 1 Microfocus 1 Netiq Advanced Authentication 2024-11-21 5.9 Medium
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
CVE-2019-11649 1 Microfocus 1 Fortify Software Security Center 2024-11-21 N/A
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
CVE-2019-11647 1 Microfocus 1 Netiq Self Service Password Reset 2024-11-21 N/A
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
CVE-2019-11646 1 Microfocus 1 Service Manager 2024-11-21 N/A
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.
CVE-2018-7692 1 Microfocus 1 Edirectory 2024-11-21 N/A
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
CVE-2018-7691 1 Microfocus 1 Fortify Software Security Center 2024-11-21 N/A
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-7690 1 Microfocus 1 Fortify Software Security Center 2024-11-21 N/A
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
CVE-2018-7687 1 Microfocus 1 Client 2024-11-21 N/A
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
CVE-2018-7686 1 Microfocus 1 Edirectory 2024-11-21 N/A
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVE-2018-7683 1 Microfocus 1 Solutions Business Manager 2024-11-21 N/A
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
CVE-2018-7682 1 Microfocus 1 Solutions Business Manager 2024-11-21 N/A
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-7681 1 Microfocus 1 Solutions Business Manager 2024-11-21 N/A
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
CVE-2018-7680 1 Microfocus 1 Solutions Business Manager 2024-11-21 N/A
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
CVE-2018-7679 1 Microfocus 1 Solutions Business Manager 2024-11-21 N/A
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
CVE-2018-7675 1 Microfocus 1 Sentinel 2024-11-21 N/A
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.