Micro Focus Security Vulnerabilities

CVE-2020-25835

A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting...

5.9 CVSS

5.3 AI Score

0.0004 EPSS

2023-12-09 02:15 AM

CVE-2017-7433

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed without...

6.5 CVSS

6.4 AI Score

0.002 EPSS

2017-05-18 02:29 PM

CVE-2020-11844

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight.....

10 CVSS

9.2 AI Score

0.021 EPSS

2020-05-29 10:15 PM

CVE-2022-38757

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone...

7.2 CVSS

6.9 AI Score

0.002 EPSS

2022-12-23 04:15 PM

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions: 9.51, 9.50 and 9.40.....

8.8 CVSS

8.8 AI Score

0.837 EPSS

2020-10-22 09:15 PM

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is...

8 CVSS

5.2 AI Score

0.001 EPSS

2022-12-08 04:15 PM

CVE-2018-6498

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...

9.8 CVSS

9.6 AI Score

0.039 EPSS

2018-08-30 09:29 PM

CVE-2018-6499

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...

9.8 CVSS

9.6 AI Score

0.055 EPSS

2018-08-30 09:29 PM

CVE-2018-6495

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to.....

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-05-23 06:29 PM

CVE-2022-38755

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior....

5.3 CVSS

5.3 AI Score

0.001 EPSS

2022-11-21 05:15 PM

CVE-2020-11858

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulnerability affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11,...

7.8 CVSS

7.7 AI Score

0.004 EPSS

2020-10-27 05:15 PM

CVE-2018-6497

Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMDB Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2018-06-16 01:29 AM

CVE-2020-11854

Arbitrary code execution vulnerability in Operation Bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The...

9.8 CVSS

9.6 AI Score

0.233 EPSS

2020-10-27 05:15 PM

CVE-2017-14356

An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL...

9.8 CVSS

9.9 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2017-7423

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2017-08-21 03:29 PM

CVE-2016-9176

Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute...

9.8 CVSS

9.4 AI Score

0.009 EPSS

2016-11-04 12:59 AM

CVE-2017-9282

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2017-09-21 10:29 PM

CVE-2022-38756

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2022-12-16 11:15 PM

CVE-2017-14357

A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2017-7424

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is....

6.5 CVSS

6.2 AI Score

0.002 EPSS

2017-08-21 03:29 PM

CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2017-08-21 03:29 PM

CVE-2017-9283

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...

9.8 CVSS

9.2 AI Score

0.002 EPSS

2017-09-21 10:29 PM

CVE-2018-6492

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow persistent.....

6.1 CVSS

6.8 AI Score

0.002 EPSS

2018-05-22 07:29 PM

CVE-2018-6493

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2018-05-22 07:29 PM

CVE-2019-11652

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as...

9.8 CVSS

9.2 AI Score

0.004 EPSS

2019-08-14 04:15 PM

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior...

7.5 CVSS

7.3 AI Score

0.002 EPSS

2022-08-31 04:15 PM

CVE-2017-14358

A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2017-10-31 03:29 PM

CVE-2022-26331

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2022-08-31 04:15 PM

CVE-2018-18591

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of...

6.8 CVSS

6.3 AI Score

0.001 EPSS

2018-11-13 01:29 PM

CVE-2018-6488

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code...

9.8 CVSS

9.4 AI Score

0.004 EPSS

2018-02-22 10:29 PM

CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2020-03-25 09:15 PM

CVE-2019-11649

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited....

5.4 CVSS

5.4 AI Score

0.001 EPSS

2019-06-20 12:00 AM

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer....

7.5 CVSS

7.4 AI Score

0.001 EPSS

2018-10-12 01:29 PM

CVE-2019-3489

An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2019-04-01 08:29 PM

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE)...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2018-02-02 02:29 PM

CVE-2019-3493

A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to...

8.8 CVSS

8.7 AI Score

0.008 EPSS

2019-04-29 04:29 PM

CVE-2019-18946

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session...

4.8 CVSS

5.1 AI Score

0.0004 EPSS

2021-02-26 04:15 AM

CVE-2022-38758

Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on...

7.2 CVSS

6 AI Score

0.001 EPSS

2023-01-26 09:15 PM

CVE-2018-12465

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to...

9.1 CVSS

8.4 AI Score

0.069 EPSS

2018-06-29 04:29 PM

CVE-2021-22528

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and...

8 CVSS

5.2 AI Score

0.001 EPSS

2021-09-13 12:15 PM

CVE-2021-22524

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-09-13 12:15 PM

CVE-2021-22497

Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management...

7.2 CVSS

7.1 AI Score

0.001 EPSS

2021-04-12 09:15 PM

CVE-2020-25833

Persistent Cross-Site Scripting vulnerability in Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2020-11-17 02:15 AM

CVE-2019-18943

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain...

8 CVSS

7.7 AI Score

0.0004 EPSS

2021-02-26 04:15 AM

CVE-2019-18945

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation...

8 CVSS

7.9 AI Score

0.0004 EPSS

2021-02-26 04:15 AM

CVE-2018-7691

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized...

6.5 CVSS

6.4 AI Score

0.007 EPSS

2018-12-13 02:29 PM

CVE-2018-7681

Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the...

4.8 CVSS

5.1 AI Score

0.001 EPSS

2018-06-21 07:29 PM

CVE-2018-18590

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information...

9.6 CVSS

8.4 AI Score

0.002 EPSS

2018-11-07 04:29 PM

CVE-2018-12468

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code...

9.1 CVSS

7.3 AI Score

0.006 EPSS

2018-08-01 08:29 PM

CVE-2017-14361

Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle...

7.4 CVSS

7.3 AI Score

0.001 EPSS

2017-12-13 01:29 AM

Total number of security vulnerabilities: 137