Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication issue due to improper session management...
CVSS: 7.2
AI Score: 7.1
EPSS: 0.001
Cross-site scripting vulnerability in the Micro Focus Access Manager product, affecting all versions prior to version 5.0. The vulnerability could cause configuration...
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
Persistent cross-site scripting vulnerability in the Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS...
CVSS: 4.8
AI Score: 4.8
EPSS: 0.001
Unauthorized information disclosure vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in unauthorized information...
CVSS: 4.3
AI Score: 4.4
EPSS: 0.001
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation...
CVSS: 8
AI Score: 7.9
EPSS: 0.0004
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as...
CVSS: 9.8
AI Score: 9.2
EPSS: 0.004
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized...
CVSS: 6.5
AI Score: 6.4
EPSS: 0.007
Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges, then this vulnerability can impact other users in the...
CVSS: 4.8
AI Score: 5.1
EPSS: 0.001
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, versions 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code...
CVSS: 9.8
AI Score: 9.4
EPSS: 0.004
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information...
CVSS: 9.6
AI Score: 8.4
EPSS: 0.002
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code...
CVSS: 9.1
AI Score: 7.3
EPSS: 0.006
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.008
CVSS: 6.1
AI Score: 6
EPSS: 0.001
Man-in-the-middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a man-in-the-middle...
CVSS: 7.4
AI Score: 7.3
EPSS: 0.001
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute...
CVSS: 9.8
AI Score: 9.4
EPSS: 0.009
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior...
CVSS: 6.1
AI Score: 6.3
EPSS: 0.001
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to...
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage...
CVSS: 6.5
AI Score: 6.2
EPSS: 0.001
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to...
CVSS: 9.8
AI Score: 9.8
EPSS: 0.005
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditional disabling of SSL/TLS...
CVSS: 6.5
AI Score: 6.4
EPSS: 0.001
Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations...
CVSS: 9.8
AI Score: 9.5
EPSS: 0.003
Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information...
CVSS: 6.1
AI Score: 6
EPSS: 0.001
Unauthorized escalation of local privileges vulnerability in Micro Focus Operation Agent, affecting all versions prior to version 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the...
CVSS: 7.8
AI Score: 7.9
EPSS: 0.0004
Cross-Site Scripting vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting...
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
Arbitrary code execution vulnerability in Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of...
CVSS: 9.8
AI Score: 9.8
EPSS: 0.067
Unauthorized information disclosure vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in unauthorized information...
CVSS: 4.3
AI Score: 4.4
EPSS: 0.001
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to...
CVSS: 7.5
AI Score: 7.7
EPSS: 0.002
Micro Focus Solution Business Manager versions prior to 11.4.2 are susceptible to open...
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability, when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed...
CVSS: 4.3
AI Score: 4.3
EPSS: 0.001
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow Remote Unauthorized...
CVSS: 6.5
AI Score: 6.4
EPSS: 0.007
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in...
CVSS: 7.8
AI Score: 7.7
EPSS: 0.001
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log...
CVSS: 7.5
AI Score: 7.2
EPSS: 0.002
CVSS: 6.1
AI Score: 6
EPSS: 0.001
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...
CVSS: 9.8
AI Score: 9.7
EPSS: 0.002
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication...
CVSS: 7.5
AI Score: 7.4
EPSS: 0.001
CVSS: 9.1
AI Score: 9.2
EPSS: 0.002
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP...
CVSS: 4.3
AI Score: 4.3
EPSS: 0.001
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior...
CVSS: 7.5
AI Score: 7.3
EPSS: 0.002
Potential open redirection vulnerability when a URL is crafted in a specific format in NetIQ Access Manager prior to...
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting...
CVSS: 6.1
AI Score: 6.4
EPSS: 0.001
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of...
CVSS: 9.8
AI Score: 9.7
EPSS: 0.007
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission...
CVSS: 6.5
AI Score: 6.3
EPSS: 0.001
Arbitrary code execution vulnerability in the Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM...
CVSS: 9.8
AI Score: 9.7
EPSS: 0.007
Authentication Bypass Vulnerability in the Micro Focus Access Manager product, affecting all versions prior to version 4.5.3.3. The vulnerability could cause information...
CVSS: 7.5
AI Score: 7.3
EPSS: 0.002
XML External Entity Injection vulnerability in the Micro Focus Application Lifecycle Management (previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML...
CVSS: 8.1
AI Score: 8
EPSS: 0.001
Unauthorized disclosure of sensitive information vulnerability in the Micro Focus Filr product, affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive...
CVSS: 6.5
AI Score: 6.1
EPSS: 0.001
Sensitive information disclosure vulnerability in the Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive...
CVSS: 7.5
AI Score: 7.1
EPSS: 0.002
An Authorization Bypass vulnerability in Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin...
CVSS: 9.8
AI Score: 9.3
EPSS: 0.033
DKIM key management page vulnerability in Micro Focus Secure Messaging Gateway (SMG), affecting all SMG Appliances running releases prior to July 2020. The vulnerability could allow a logged-in user with rights to generate DKIM key information to inject system commands into the call to the DKIM...
CVSS: 8.8
AI Score: 8.4
EPSS: 0.547