Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log...
7.5 CVSS
7.2 AI Score
0.002 EPSS
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code...
9.1 CVSS
7.3 AI Score
0.006 EPSS
9.8 CVSS
9.4 AI Score
0.003 EPSS
6.1 CVSS
6 AI Score
0.001 EPSS
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle...
7.4 CVSS
7.3 AI Score
0.001 EPSS
A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site...
5.4 CVSS
5.2 AI Score
0.001 EPSS
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the...
9.8 CVSS
9.6 AI Score
0.616 EPSS
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to...
6.1 CVSS
6.2 AI Score
0.001 EPSS
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to...
8.8 CVSS
8.7 AI Score
0.008 EPSS
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE)...
9.8 CVSS
9.4 AI Score
0.003 EPSS
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to...
6.1 CVSS
6 AI Score
0.001 EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information...
3.5 CVSS
3.9 AI Score
0.0004 EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without...
5.5 CVSS
5 AI Score
0.0004 EPSS
Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of...
7.5 CVSS
7.3 AI Score
0.001 EPSS
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of...
8.3 CVSS
8 AI Score
0.001 EPSS
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error...
4.3 CVSS
4.4 AI Score
0.001 EPSS
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive...
7.5 CVSS
7.2 AI Score
0.002 EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across...
6.5 CVSS
6.3 AI Score
0.001 EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code...
9.8 CVSS
9.6 AI Score
0.018 EPSS
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery...
8.8 CVSS
8.7 AI Score
0.001 EPSS
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting...
6.5 CVSS
5.9 AI Score
0.001 EPSS
Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMDB Browser versions 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
7.5 CVSS
7.4 AI Score
0.002 EPSS
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary...
8.8 CVSS
9 AI Score
0.005 EPSS
6.1 CVSS
6 AI Score
0.001 EPSS
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to...
9.1 CVSS
8.4 AI Score
0.069 EPSS
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML...
9.8 CVSS
9.1 AI Score
0.167 EPSS
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
10 CVSS
8.2 AI Score
0.069 EPSS
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting...
5.9 CVSS
5.2 AI Score
0.001 EPSS
7.5 CVSS
7.4 AI Score
0.002 EPSS
6.1 CVSS
6.2 AI Score
0.001 EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session...
4.8 CVSS
5.1 AI Score
0.0004 EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain...
8 CVSS
7.7 AI Score
0.0004 EPSS
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary...
7.5 CVSS
7.5 AI Score
0.005 EPSS
Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn...
5.4 CVSS
5.4 AI Score
0.001 EPSS
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to...
5.9 CVSS
5.7 AI Score
0.001 EPSS
6.1 CVSS
6.2 AI Score
0.001 EPSS
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory...
7.5 CVSS
7.4 AI Score
0.007 EPSS
A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access...
6.5 CVSS
6.3 AI Score
0.001 EPSS
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of...
5.4 CVSS
6.1 AI Score
0.001 EPSS
Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of...
9.8 CVSS
9.3 AI Score
0.005 EPSS
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
9.8 CVSS
9.6 AI Score
0.009 EPSS
7.5 CVSS
7.5 AI Score
0.001 EPSS
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service...
7.5 CVSS
7.4 AI Score
0.001 EPSS
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11...
9.8 CVSS
9.6 AI Score
0.005 EPSS
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...
5.4 CVSS
5.3 AI Score
0.001 EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header...
6.1 CVSS
6.2 AI Score
0.001 EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected...
4.9 CVSS
5.1 AI Score
0.0004 EPSS
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8,...
6.1 CVSS
6 AI Score
0.001 EPSS
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers...
8.8 CVSS
8.6 AI Score
0.001 EPSS