Microfocus CVEs and Security Vulnerabilities

Filtered by vendor Microfocus Subscriptions

Search

Switch to Advanced Search (Beta)

Total 260 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-38125	1 Microfocus	1 Operations Bridge	2024-11-21	9.8 Critical
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
CVE-2021-38124	1 Microfocus	1 Arcsight Enterprise Security Manager	2024-11-21	9.8 Critical
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
CVE-2021-38123	1 Microfocus	1 Network Automation	2024-11-21	6.1 Medium
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
CVE-2021-22535	1 Microfocus	1 Netiq Directory And Resource Administrator	2024-11-21	4.9 Medium
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.
CVE-2021-22531	1 Microfocus	1 Access Manager	2024-11-21	6.1 Medium
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
CVE-2021-22528	1 Microfocus	1 Access Manager	2024-11-21	8 High
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22527	1 Microfocus	1 Access Manager	2024-11-21	6 Medium
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22526	1 Microfocus	1 Access Manager	2024-11-21	4.9 Medium
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22525	1 Microfocus	1 Access Manager	2024-11-21	5.5 Medium
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
CVE-2021-22524	1 Microfocus	1 Access Manager	2024-11-21	5.4 Medium
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVE-2021-22523	1 Microfocus	1 Verastream Host Integrator	2024-11-21	7.6 High
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions.
CVE-2021-22522	1 Microfocus	1 Verastream Host Integrator	2024-11-21	7.1 High
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data.
CVE-2021-22521	1 Microfocus	2 Zenworks Configuration Management, Zenworks Endpoint Security Management	2024-11-21	6.7 Medium
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges.
CVE-2021-22519	1 Microfocus	1 Sitescope	2024-11-21	9.8 Critical
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope.
CVE-2021-22517	1 Microfocus	1 Data Protector	2024-11-21	8.8 High
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data.
CVE-2021-22516	1 Microfocus	1 Secure Api Manager	2024-11-21	7.5 High
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
CVE-2021-22515	1 Microfocus	1 Netiq Advanced Authentication	2024-11-21	4.8 Medium
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
CVE-2021-22514	1 Microfocus	1 Application Performance Management	2024-11-21	9.8 Critical
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
CVE-2021-22513	1 Microfocus	1 Application Automation Tools	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.
CVE-2021-22512	1 Microfocus	1 Application Automation Tools	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.

« first previous Page 3 of 13. next last »