Microfocus Security Vulnerabilities
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an...
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy...
7.2CVSS
6.9AI Score
0.001EPSS
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting...
5.9CVSS
5.3AI Score
0.0004EPSS
Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2,...
9.8CVSS
9.5AI Score
0.001EPSS
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow...
8.2CVSS
6.2AI Score
0.0005EPSS
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited...
6.5CVSS
6.4AI Score
0.136EPSS
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8,...
6.1CVSS
6AI Score
0.001EPSS
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers...
8.8CVSS
8.6AI Score
0.001EPSS
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter.....
9.8CVSS
9.2AI Score
0.005EPSS
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51,...
7.5CVSS
7.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted...
6.1CVSS
6AI Score
0.002EPSS
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The...
9.8CVSS
9.6AI Score
0.233EPSS
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This...
8.8CVSS
8.5AI Score
0.001EPSS
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of...
7.5CVSS
7.5AI Score
0.001EPSS
Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to...
9.8CVSS
9.8AI Score
0.332EPSS
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker...
5.4CVSS
5.3AI Score
0.001EPSS
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow a XML External Entity (XXE)...
9.8CVSS
9.4AI Score
0.003EPSS
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of...
7.8CVSS
7.7AI Score
0.001EPSS
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity...
9.8CVSS
9.2AI Score
0.002EPSS
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to...
8.8CVSS
8.7AI Score
0.008EPSS
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration...
5.3CVSS
5.2AI Score
0.001EPSS
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is....
6.5CVSS
6.2AI Score
0.002EPSS
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and...
5.4CVSS
5.4AI Score
0.001EPSS
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer....
7.5CVSS
7.4AI Score
0.001EPSS
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service...
7.5CVSS
7.3AI Score
0.001EPSS
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...
9.8CVSS
9.6AI Score
0.039EPSS
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226....
9.8CVSS
8.3AI Score
0.332EPSS
Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka...
8.1AI Score
0.939EPSS
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system...
6.7CVSS
6.7AI Score
0.0004EPSS
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running...
8.8CVSS
8.6AI Score
0.001EPSS
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web...
6.1CVSS
5.9AI Score
0.001EPSS
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite...
9.8CVSS
9.6AI Score
0.055EPSS
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is...
8CVSS
5.2AI Score
0.001EPSS
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11,...
7.8CVSS
7.7AI Score
0.004EPSS
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and...
8.8CVSS
8.9AI Score
0.001EPSS
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager...
8.8CVSS
8.7AI Score
0.002EPSS
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to.....
5.4CVSS
5.2AI Score
0.001EPSS
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory...
9.8CVSS
9.3AI Score
0.003EPSS
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and....
6.1CVSS
6.1AI Score
0.001EPSS
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure...
7.5CVSS
7.2AI Score
0.002EPSS
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40.....
8.8CVSS
8.8AI Score
0.837EPSS
6.3CVSS
6.5AI Score
0.001EPSS
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code...
9.8CVSS
9.8AI Score
0.012EPSS
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after...
6.1CVSS
6.1AI Score
0.001EPSS
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and...
8CVSS
5.2AI Score
0.001EPSS
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and...
5.4CVSS
5.2AI Score
0.001EPSS
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to...
5.5CVSS
5.3AI Score
0.0004EPSS
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user...
7.6CVSS
7.5AI Score
0.002EPSS
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier...
6.1CVSS
5.9AI Score
0.001EPSS
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information...