Microfocus Security Vulnerabilities


CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an...

8.6CVSS

8.8AI Score

0.004EPSS

2019-02-11 07:29 PM
488
In Wild
9

CVE-2023-32268

Exposure of Proxy Administrator Credentials. An authenticated administrator equivalent Filr user can access the credentials of proxy...

7.2CVSS

6.9AI Score

0.001EPSS

2023-12-06 02:15 PM
8

CVE-2020-25835

A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting...

5.9CVSS

5.3AI Score

0.0004EPSS

2023-12-09 02:15 AM
8

CVE-2023-5913

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2,...

9.8CVSS

9.5AI Score

0.001EPSS

2023-11-08 05:15 PM
24

CVE-2023-4964

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow...

8.2CVSS

6.2AI Score

0.0005EPSS

2023-10-30 03:15 PM
18

CVE-2016-5765

Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited...

6.5CVSS

6.4AI Score

0.136EPSS

2016-11-29 11:59 AM
18

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8,...

6.1CVSS

6AI Score

0.001EPSS

2017-08-21 03:29 PM
25

CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers...

8.8CVSS

8.6AI Score

0.001EPSS

2017-08-21 03:29 PM
25

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter.....

9.8CVSS

9.2AI Score

0.005EPSS

2017-08-21 03:29 PM
26

CVE-2019-11668

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...

7.5CVSS

7.5AI Score

0.002EPSS

2019-09-10 09:15 PM
84

CVE-2016-1599

Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted...

6.1CVSS

6AI Score

0.002EPSS

2016-03-24 01:59 AM
26

CVE-2020-11854

Arbitrary code execution vulnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The...

9.8CVSS

9.6AI Score

0.233EPSS

2020-10-27 05:15 PM
68
2

CVE-2017-7423

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This...

8.8CVSS

8.5AI Score

0.001EPSS

2017-08-21 03:29 PM
20

CVE-2017-9281

An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of...

7.5CVSS

7.5AI Score

0.001EPSS

2017-09-21 10:29 PM
22

CVE-2016-1606

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to...

9.8CVSS

9.8AI Score

0.332EPSS

2016-07-03 01:59 AM
22

CVE-2020-9524

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker...

5.4CVSS

5.3AI Score

0.001EPSS

2020-05-18 02:15 PM
38

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE)...

9.8CVSS

9.4AI Score

0.003EPSS

2018-02-02 02:29 PM
24

CVE-2017-14355

A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of...

7.8CVSS

7.7AI Score

0.001EPSS

2017-12-05 09:29 PM
23

CVE-2018-6489

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity...

9.8CVSS

9.2AI Score

0.002EPSS

2018-02-22 10:29 PM
17

CVE-2019-3493

A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to...

8.8CVSS

8.7AI Score

0.008EPSS

2019-04-29 04:29 PM
26

CVE-2017-9273

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration...

5.3CVSS

5.2AI Score

0.001EPSS

2017-10-06 05:29 PM
21

CVE-2017-7424

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is....

6.5CVSS

6.2AI Score

0.002EPSS

2017-08-21 03:29 PM
23

CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and...

5.4CVSS

5.4AI Score

0.001EPSS

2017-08-21 03:29 PM
22

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer....

7.5CVSS

7.4AI Score

0.001EPSS

2018-10-12 01:29 PM
19

CVE-2017-9272

The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service...

7.5CVSS

7.3AI Score

0.001EPSS

2017-10-06 05:29 PM
22

CVE-2018-6498

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...

9.8CVSS

9.6AI Score

0.039EPSS

2018-08-30 09:29 PM
19

CVE-2016-5228

Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226....

9.8CVSS

8.3AI Score

0.332EPSS

2016-07-03 01:59 AM
33

CVE-2015-0795

Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka...

8.1AI Score

0.939EPSS

2015-07-18 10:59 AM
18

CVE-2021-22521

A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system...

6.7CVSS

6.7AI Score

0.0004EPSS

2021-07-30 09:15 PM
52
2

CVE-2020-9523

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running...

8.8CVSS

8.6AI Score

0.001EPSS

2020-04-17 03:15 PM
49

CVE-2019-11651

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web...

6.1CVSS

5.9AI Score

0.001EPSS

2019-10-02 09:15 PM
26

CVE-2018-6499

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...

9.8CVSS

9.6AI Score

0.055EPSS

2018-08-30 09:29 PM
26

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is...

8CVSS

5.2AI Score

0.001EPSS

2022-12-08 04:15 PM
27

CVE-2020-11858

Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulnerability affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11,...

7.8CVSS

7.7AI Score

0.004EPSS

2020-10-27 05:15 PM
43
3

CVE-2018-6497

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and...

8.8CVSS

8.9AI Score

0.001EPSS

2018-06-16 01:29 AM
28

CVE-2017-7429

The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager...

8.8CVSS

8.7AI Score

0.002EPSS

2018-03-02 08:29 PM
21

CVE-2018-6495

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to.....

5.4CVSS

5.2AI Score

0.001EPSS

2018-05-23 06:29 PM
24

CVE-2017-9285

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory...

9.8CVSS

9.3AI Score

0.003EPSS

2018-03-02 08:29 PM
22

CVE-2019-3490

A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and....

6.1CVSS

6.1AI Score

0.001EPSS

2019-05-02 05:29 PM
24

CVE-2016-1600

The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure...

7.5CVSS

7.2AI Score

0.002EPSS

2019-05-09 09:29 PM
17

CVE-2020-11853

Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40.....

8.8CVSS

8.8AI Score

0.837EPSS

2020-10-22 09:15 PM
101
4

CVE-2022-38753

This update resolves a multi-factor authentication bypass...

6.3CVSS

6.5AI Score

0.001EPSS

2022-11-28 10:15 PM
37
4

CVE-2021-38124

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code...

9.8CVSS

9.8AI Score

0.012EPSS

2021-09-28 02:15 PM
21

CVE-2021-38123

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after...

6.1CVSS

6.1AI Score

0.001EPSS

2021-09-07 05:15 PM
23

CVE-2021-22528

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and...

8CVSS

5.2AI Score

0.001EPSS

2021-09-13 12:15 PM
22

CVE-2021-22524

Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and...

5.4CVSS

5.2AI Score

0.001EPSS

2021-09-13 12:15 PM
17

CVE-2021-22525

This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to...

5.5CVSS

5.3AI Score

0.0004EPSS

2021-09-02 05:15 PM
19

CVE-2021-22523

XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user...

7.6CVSS

7.5AI Score

0.002EPSS

2021-07-22 12:15 PM
19
5

CVE-2021-22510

Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier...

6.1CVSS

5.9AI Score

0.001EPSS

2021-04-08 10:15 PM
77
5

CVE-2021-22506

Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information...

7.5CVSS

7.6AI Score

0.004EPSS

2021-03-26 02:15 PM
844
In Wild
Total number of security vulnerabilities: 221