Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...
4.3CVSS
4.3AI Score
0.001EPSS
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized...
6.5CVSS
6.4AI Score
0.007EPSS
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in...
7.8CVSS
7.7AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log...
7.5CVSS
7.2AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.003EPSS
6.1CVSS
6AI Score
0.001EPSS
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...
9.8CVSS
9.7AI Score
0.002EPSS
In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the...
9.8CVSS
9.6AI Score
0.616EPSS
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to...
6.1CVSS
6.2AI Score
0.001EPSS
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to...
9.1CVSS
8.4AI Score
0.069EPSS
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to...
6.1CVSS
6AI Score
0.001EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information...
3.5CVSS
3.9AI Score
0.0004EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without...
5.5CVSS
5AI Score
0.0004EPSS
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of...
7.5CVSS
7.3AI Score
0.001EPSS
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of...
8.3CVSS
8AI Score
0.001EPSS
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error...
4.3CVSS
4.4AI Score
0.001EPSS
An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive...
7.5CVSS
7.2AI Score
0.002EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across...
6.5CVSS
6.3AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code...
9.8CVSS
9.6AI Score
0.018EPSS
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery...
8.8CVSS
8.7AI Score
0.001EPSS
A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting...
6.5CVSS
5.9AI Score
0.001EPSS
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery...
8.8CVSS
8.9AI Score
0.001EPSS
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
7.5CVSS
7.4AI Score
0.002EPSS
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary...
8.8CVSS
9AI Score
0.005EPSS
6.1CVSS
6AI Score
0.001EPSS
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter.....
9.8CVSS
9.2AI Score
0.005EPSS
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML...
9.8CVSS
9.1AI Score
0.167EPSS
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
10CVSS
8.2AI Score
0.069EPSS
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE)...
9.8CVSS
9.4AI Score
0.003EPSS
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting...
5.9CVSS
5.2AI Score
0.001EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session...
4.8CVSS
5.1AI Score
0.0004EPSS
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch...
6.5CVSS
6.6AI Score
0.001EPSS
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting...
5.4CVSS
5.4AI Score
0.001EPSS
Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS...
5.4CVSS
5.2AI Score
0.001EPSS
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary...
9.8CVSS
9.6AI Score
0.133EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected...
4.9CVSS
5.1AI Score
0.0004EPSS
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...
7.5CVSS
7.3AI Score
0.002EPSS
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted...
8.8CVSS
8.5AI Score
0.003EPSS
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private...
7.5CVSS
7.2AI Score
0.002EPSS
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...
6.5CVSS
6.3AI Score
0.001EPSS
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data...
6.5CVSS
6.4AI Score
0.001EPSS
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS...
6.1CVSS
5.9AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header...
6.1CVSS
6.2AI Score
0.001EPSS
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File...
7.5CVSS
7.4AI Score
0.001EPSS
A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory...
7.5CVSS
7.3AI Score
0.002EPSS
Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of...
7.5CVSS
7.4AI Score
0.001EPSS
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of...
9.8CVSS
7.4AI Score
0.003EPSS
A Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server, and potentially execute them. This impacts NetIQ Access Manager versions 4.3 and 4.4 as well as the Administrative...
9.8CVSS
9.4AI Score
0.005EPSS
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
6.1CVSS
6.1AI Score
0.001EPSS
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
7.5CVSS
7.4AI Score
0.001EPSS