Filtered by vendor Microfocus
Subscriptions
Total
241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11667 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 7.5 High |
| Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data. | ||||
| CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2024-08-04 | 7.5 High |
| Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. | ||||
| CVE-2019-11660 | 1 Microfocus | 1 Data Protector | 2024-08-04 | 7.8 High |
| Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | ||||
| CVE-2019-11674 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-04 | 5.9 Medium |
| Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | ||||
| CVE-2019-11668 | 1 Microfocus | 3 Service Manager, Service Manager Chat Server, Service Manager Chat Service | 2024-08-04 | 7.5 High |
| HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. | ||||
| CVE-2019-11663 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 6.5 Medium |
| Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | ||||
| CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2024-08-04 | 8.8 High |
| Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack. | ||||
| CVE-2019-11661 | 1 Microfocus | 1 Service Manager | 2024-08-04 | 8.3 High |
| Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | ||||
| CVE-2019-11650 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-08-04 | 5.9 Medium |
| A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0. | ||||
| CVE-2019-11647 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-04 | N/A |
| A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | ||||
| CVE-2019-11651 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-08-04 | 6.1 Medium |
| Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. | ||||
| CVE-2019-5736 | 13 Apache, Canonical, D2iq and 10 more | 20 Mesos, Ubuntu Linux, Dc\/os and 17 more | 2024-08-04 | 8.6 High |
| runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe. | ||||
| CVE-2019-3475 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-08-04 | 7.8 High |
| A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-3493 | 1 Microfocus | 2 Network Automation, Network Operations Management | 2024-08-04 | N/A |
| A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution. | ||||
| CVE-2019-3489 | 1 Microfocus | 1 Content Manager | 2024-08-04 | N/A |
| An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server. | ||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2024-08-04 | N/A |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | ||||
| CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2024-08-04 | N/A |
| A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | ||||
| CVE-2019-3490 | 1 Microfocus | 1 Open Enterprise Server | 2024-08-04 | N/A |
| A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support. | ||||
| CVE-2019-3476 | 1 Microfocus | 1 Data Protector | 2024-08-04 | N/A |
| Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | ||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-08-04 | 9.8 Critical |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | ||||