Filtered by vendor Microfocus
Subscriptions
Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17950 | 1 Microfocus | 1 Edirectory | 2024-08-05 | N/A |
| Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | ||||
| CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2024-08-05 | N/A |
| Cross site scripting vulnerability in iManager prior to 3.1 SP2. | ||||
| CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2024-08-05 | N/A |
| Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | ||||
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2024-08-05 | N/A |
| In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | ||||
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2024-08-05 | 8.8 High |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | ||||
| CVE-2018-6491 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2024-08-05 | N/A |
| Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege. | ||||
| CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2024-08-05 | N/A |
| XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | ||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2024-08-05 | 8.8 High |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | ||||
| CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2024-08-05 | 7.3 High |
| Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. | ||||
| CVE-2019-17085 | 1 Microfocus | 1 Operations Agent | 2024-08-05 | 6.5 Medium |
| XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent. | ||||
| CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2024-08-05 | 7.5 High |
| Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | ||||
| CVE-2019-11664 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 6.5 Medium |
| Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||||
| CVE-2019-11669 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 7.5 High |
| Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. | ||||
| CVE-2019-11665 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 7.5 High |
| Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||||
| CVE-2019-11662 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 4.3 Medium |
| Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message. | ||||
| CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 8.8 High |
| Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | ||||
| CVE-2019-11653 | 1 Microfocus | 1 Content Manager | 2024-08-04 | N/A |
| Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request. | ||||
| CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2024-08-04 | N/A |
| Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | ||||
| CVE-2019-11658 | 1 Microfocus | 1 Content Manager | 2024-08-04 | N/A |
| Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | ||||
| CVE-2019-11652 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-04 | N/A |
| A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. | ||||