Micro Focus Security Vulnerabilities

CVE-2019-11658

Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...

CVSS 4.3 | AI Score 4.3 | EPSS 0.001 | 2019-08-30 09:15 AM

CVE-2018-7690

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized...

CVSS 6.5 | AI Score 6.4 | EPSS 0.007 | 2018-12-13 02:29 PM

CVE-2018-7687

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in...

CVSS 7.8 | AI Score 7.7 | EPSS 0.001 | 2018-05-21 08:29 PM

CVE-2018-7683

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log...

CVSS 7.5 | AI Score 7.2 | EPSS 0.002 | 2018-06-21 07:29 PM

CVE-2018-1343

PAM exposure enabling unauthenticated access to remote...

CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | 2018-03-06 08:29 PM

CVE-2018-17952

Cross site scripting vulnerability in eDirectory prior to 9.1...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2018-12-12 02:29 PM

CVE-2017-9282

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...

CVSS 9.8 | AI Score 9.7 | EPSS 0.002 | 2017-09-21 10:29 PM

CVE-2017-14803

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the...

CVSS 9.8 | AI Score 9.6 | EPSS 0.616 | 2018-01-20 12:29 AM

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2022-05-02 07:15 PM

CVE-2018-12465

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to...

CVSS 9.1 | AI Score 8.4 | EPSS 0.069 | 2018-06-29 04:29 PM

CVE-2019-3485

Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2019-07-24 04:15 PM

CVE-2019-18947

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information...

CVSS 3.5 | AI Score 3.9 | EPSS 0.0004 | 2021-02-26 04:15 AM

CVE-2019-18942

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without...

CVSS 5.5 | AI Score 5 | EPSS 0.0004 | 2021-02-26 04:15 AM

CVE-2019-11669

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of...

CVSS 7.5 | AI Score 7.3 | EPSS 0.001 | 2019-09-10 09:15 PM

CVE-2019-11661

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of...

CVSS 8.3 | AI Score 8 | EPSS 0.001 | 2019-09-18 10:15 PM

CVE-2019-11662

Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error...

CVSS 4.3 | AI Score 4.4 | EPSS 0.001 | 2019-09-18 10:15 PM

CVE-2019-11648

An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive...

CVSS 7.5 | AI Score 7.2 | EPSS 0.002 | 2019-06-24 04:15 PM

CVE-2018-7682

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2018-06-22 10:29 PM

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code...

CVSS 9.8 | AI Score 9.6 | EPSS 0.018 | 2018-06-21 07:29 PM

CVE-2018-6504

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery...

CVSS 8.8 | AI Score 8.7 | EPSS 0.001 | 2018-09-20 07:29 PM

CVE-2018-6502

A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting...

CVSS 6.5 | AI Score 5.9 | EPSS 0.001 | 2018-09-20 07:29 PM

CVE-2018-6496

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery...

CVSS 8.8 | AI Score 8.9 | EPSS 0.001 | 2018-06-16 01:29 AM

CVE-2018-19643

Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | 2019-03-27 06:29 PM

CVE-2018-18589

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary...

CVSS 8.8 | AI Score 9 | EPSS 0.005 | 2018-10-23 05:29 PM

CVE-2018-17949

Cross site scripting vulnerability in iManager prior to 3.1...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2018-12-12 02:29 PM

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter.....

CVSS 9.8 | AI Score 9.2 | EPSS 0.005 | 2017-08-21 03:29 PM

CVE-2018-12463

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML...

CVSS 9.8 | AI Score 9.1 | EPSS 0.167 | 2018-07-12 04:29 PM

CVE-2018-12464

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...

CVSS 10 | AI Score 8.2 | EPSS 0.069 | 2018-06-29 04:29 PM

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE)...

CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | 2018-02-02 02:29 PM

CVE-2017-14363

Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting...

CVSS 5.9 | AI Score 5.2 | EPSS 0.001 | 2017-12-21 10:29 PM

CVE-2019-18946

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session...

CVSS 4.8 | AI Score 5.1 | EPSS 0.0004 | 2021-02-26 04:15 AM

CVE-2021-22515

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch...

CVSS 6.5 | AI Score 6.6 | EPSS 0.001 | 2021-07-12 11:15 AM

CVE-2020-25834

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | 2020-11-17 01:15 AM

CVE-2020-25832

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS...

CVSS 5.4 | AI Score 5.2 | EPSS 0.001 | 2020-11-17 02:15 AM

CVE-2020-11851

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary...

CVSS 9.8 | AI Score 9.6 | EPSS 0.133 | 2020-11-17 02:15 AM

CVE-2019-18944

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected...

CVSS 4.9 | AI Score 5.1 | EPSS 0.0004 | 2021-02-26 04:15 AM

CVE-2019-11665

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002 | 2019-09-17 08:15 PM

CVE-2019-11666

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted...

CVSS 8.8 | AI Score 8.5 | EPSS 0.003 | 2019-09-17 07:15 PM

CVE-2019-11667

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private...

CVSS 7.5 | AI Score 7.2 | EPSS 0.002 | 2019-09-17 06:15 PM

CVE-2019-11663

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 6.5 | AI Score 6.3 | EPSS 0.001 | 2019-09-18 10:15 PM

CVE-2019-11664

Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2019-09-18 10:15 PM

CVE-2019-11647

A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS...

CVSS 6.1 | AI Score 5.9 | EPSS 0.001 | 2019-06-24 04:15 PM

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header...

CVSS 6.1 | AI Score 6.2 | EPSS 0.001 | 2018-06-21 07:29 PM

CVE-2018-6505

A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2018-09-20 07:29 PM

CVE-2018-6500

A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory...

CVSS 7.5 | AI Score 7.3 | EPSS 0.002 | 2018-09-20 04:29 PM

CVE-2018-6490

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2018-03-02 01:29 AM

CVE-2018-6487

Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of...

CVSS 9.8 | AI Score 7.4 | EPSS 0.003 | 2018-02-20 09:29 PM

CVE-2018-1342

A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative...

CVSS 9.8 | AI Score 9.4 | EPSS 0.005 | 2018-01-26 02:29 AM

CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2019-03-27 06:29 PM

CVE-2018-19642

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001 | 2019-03-27 05:29 PM

Total number of security vulnerabilities: 137