Filtered by vendor Microfocus
Subscriptions
Total
260 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22511 | 1 Microfocus | 1 Application Automation Tools | 2024-11-21 | 6.5 Medium |
| Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates. | ||||
| CVE-2021-22510 | 1 Microfocus | 1 Application Automation Tools | 2024-11-21 | 6.1 Medium |
| Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions. | ||||
| CVE-2021-22507 | 1 Microfocus | 1 Operations Bridge Manager | 2024-11-21 | 9.8 Critical |
| Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access. | ||||
| CVE-2021-22505 | 1 Microfocus | 1 Operations Agent | 2024-11-21 | 9.8 Critical |
| Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent. | ||||
| CVE-2021-22504 | 1 Microfocus | 1 Operations Bridge Manager | 2024-11-21 | 9.8 Critical |
| Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server. | ||||
| CVE-2021-22500 | 1 Microfocus | 1 Application Performance Management | 2024-11-21 | 6.5 Medium |
| Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. | ||||
| CVE-2021-22499 | 1 Microfocus | 1 Application Performance Management | 2024-11-21 | 4.8 Medium |
| Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. | ||||
| CVE-2021-22498 | 1 Microfocus | 1 Application Lifecycle Management | 2024-11-21 | 8.1 High |
| XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. | ||||
| CVE-2021-22497 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-11-21 | 3.8 Low |
| Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. | ||||
| CVE-2021-22496 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 7.5 High |
| Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. | ||||
| CVE-2020-9524 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 5.4 Medium |
| Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). | ||||
| CVE-2020-9523 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2024-11-21 | 8.8 High |
| Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. | ||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||||
| CVE-2020-9521 | 1 Microfocus | 1 Service Manager Automation | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. | ||||
| CVE-2020-9520 | 1 Microfocus | 1 Vibe | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser. | ||||
| CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.3 Medium |
| HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | ||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.3 Medium |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | ||||
| CVE-2020-9517 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 5.4 Medium |
| There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. | ||||
| CVE-2020-25840 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 6.1 Medium |
| Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. | ||||
| CVE-2020-25839 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | 9.8 Critical |
| NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. | ||||