Microfocus Security Vulnerabilities
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations...
3.3CVSS
4AI Score
0.0004EPSS
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information...
4.9CVSS
4.8AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.002EPSS
6.1CVSS
6.2AI Score
0.001EPSS
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential...
7.1CVSS
6.4AI Score
0.001EPSS
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended.....
8.8CVSS
8.6AI Score
0.001EPSS
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log...
7.5CVSS
7.2AI Score
0.002EPSS
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's...
6.5CVSS
6.4AI Score
0.001EPSS
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated...
7.8CVSS
7.7AI Score
0.0004EPSS
Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of...
7.5CVSS
7.3AI Score
0.001EPSS
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or...
6.1CVSS
6.1AI Score
0.001EPSS
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information...
5.4CVSS
5.2AI Score
0.001EPSS
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code...
9.8CVSS
9.7AI Score
0.014EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session...
4.8CVSS
5.1AI Score
0.0004EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain...
8CVSS
7.7AI Score
0.0004EPSS
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher...
7.8CVSS
7.5AI Score
0.004EPSS
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary...
7.5CVSS
7.5AI Score
0.005EPSS
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn...
5.4CVSS
5.4AI Score
0.001EPSS
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to...
5.9CVSS
5.7AI Score
0.001EPSS
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure...
8.8CVSS
8.5AI Score
0.001EPSS
6.1CVSS
6.2AI Score
0.001EPSS
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory...
7.5CVSS
7.4AI Score
0.007EPSS
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If...
5.3CVSS
5.1AI Score
0.001EPSS
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of...
5.4CVSS
6.1AI Score
0.001EPSS
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of...
9.8CVSS
9.3AI Score
0.005EPSS
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to...
9.8CVSS
9.6AI Score
0.009EPSS
7.5CVSS
7.5AI Score
0.001EPSS
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not...
9.8CVSS
9.2AI Score
0.002EPSS
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration...
5.3CVSS
5.2AI Score
0.001EPSS
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration...
5.3CVSS
5.2AI Score
0.001EPSS
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...
5.4CVSS
5.3AI Score
0.001EPSS
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running...
7.5CVSS
7.4AI Score
0.002EPSS
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF...
8.8CVSS
8.6AI Score
0.001EPSS
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product...
8.8CVSS
9.1AI Score
0.001EPSS
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update...
7.8CVSS
7.5AI Score
0.0004EPSS
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations...
6.5CVSS
6.4AI Score
0.001EPSS
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress...
5.4CVSS
5.5AI Score
0.001EPSS
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update...
6.5CVSS
6.7AI Score
0.003EPSS
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone...
7.2CVSS
6.9AI Score
0.002EPSS
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight.....
10CVSS
9.2AI Score
0.021EPSS
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9,.....
9.8CVSS
9.3AI Score
0.001EPSS
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely...
8.8CVSS
8.5AI Score
0.001EPSS
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to...
7.1CVSS
6.3AI Score
0.001EPSS
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * ...
6.5CVSS
6.2AI Score
0.001EPSS
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * ...
6.5CVSS
6.3AI Score
0.001EPSS
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when...
5.7CVSS
5.3AI Score
0.001EPSS
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown...
7.1AI Score
0.938EPSS
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log...
6.5AI Score
0.002EPSS
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf...
7.7AI Score
0.799EPSS
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf...
7AI Score
0.006EPSS