Micro Focus Security Vulnerabilities


CVE-2018-19642

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2019-03-27 05:29 PM

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8,...

CVSS 6.1 | AI Score 6 | EPSS 0.001

2017-08-21 03:29 PM

CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2017-08-21 03:29 PM

CVE-2020-25834

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001

2020-11-17 01:15 AM

CVE-2020-25832

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001

2020-11-17 02:15 AM

CVE-2020-11851

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary...

CVSS 9.8 | AI Score 9.6 | EPSS 0.133

2020-11-17 02:15 AM

CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001

2019-03-27 06:29 PM

CVE-2019-11665

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002

2019-09-17 08:15 PM

CVE-2019-11666

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted...

CVSS 8.8 | AI Score 8.5 | EPSS 0.003

2019-09-17 07:15 PM

CVE-2019-11667

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private...

CVSS 7.5 | AI Score 7.2 | EPSS 0.002

2019-09-17 06:15 PM

CVE-2019-11663

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001

2019-09-18 10:15 PM

CVE-2019-11664

Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001

2019-09-18 10:15 PM

CVE-2019-11647

A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001

2019-06-24 04:15 PM

CVE-2018-6505

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2018-09-20 07:29 PM

CVE-2018-6500

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002

2018-09-20 04:29 PM

CVE-2018-6490

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2018-03-02 01:29 AM

CVE-2018-6487

Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of...

CVSS 9.8 | AI Score 7.4 | EPSS 0.003

2018-02-20 09:29 PM

CVE-2018-1342

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative...

CVSS 9.8 | AI Score 9.4 | EPSS 0.005

2018-01-26 02:29 AM

CVE-2018-18593

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05, 2018.08, 2018.11....

CVSS 7.5 | AI Score 7.6 | EPSS 0.004

2018-12-31 03:29 PM

CVE-2017-14362

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery...

CVSS 7.3 | AI Score 7.1 | EPSS 0.001

2017-12-13 01:29 AM

CVE-2017-14350

A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code...

CVSS 9.8 | AI Score 9.5 | EPSS 0.03

2017-09-30 01:29 AM

CVE-2020-11849

Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized...

CVSS 9.8 | AI Score 9.1 | EPSS 0.002

2020-07-08 02:15 PM

CVE-2020-9518

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2020-03-16 02:15 PM

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2020-03-16 01:15 PM

CVE-2019-17087

Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002

2019-12-11 11:15 PM

CVE-2019-11657

Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001

2019-12-17 11:15 PM

CVE-2017-5182

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for Linux, it applies to...

CVSS 7.5 | AI Score 7.4 | EPSS 0.018

2017-01-23 03:59 PM

CVE-2020-9521

An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product...

CVSS 8.8 | AI Score 9.1 | EPSS 0.001

2020-03-26 03:15 PM

CVE-2020-9517

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress...

CVSS 5.4 | AI Score 5.5 | EPSS 0.001

2020-03-09 04:15 PM

CVE-2019-3474

A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update...

CVSS 6.5 | AI Score 6.7 | EPSS 0.003

2019-02-20 10:29 PM

CVE-2019-17085

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001

2019-11-18 09:15 PM

CVE-2019-3475

A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0004

2019-02-20 10:29 PM

CVE-2023-32265

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...

CVSS 7.1 | AI Score 6.3 | EPSS 0.001

2023-07-20 02:15 PM

CVE-2023-32263

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when...

CVSS 5.7 | AI Score 5.3 | EPSS 0.001

2023-07-19 04:15 PM

CVE-2023-32261

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * ...

CVSS 6.5 | AI Score 6.2 | EPSS 0.001

2023-07-19 04:15 PM

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001

2023-07-19 04:15 PM

CVE-2017-8994

An input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code...

CVSS 9.8 | AI Score 9.4 | EPSS 0.333

2017-10-10 09:29 PM
Total number of security vulnerabilities: 137