Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
9.8CVSS
9.6AI Score
0.009EPSS
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
7.5CVSS
7.4AI Score
0.001EPSS
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
7.5CVSS
7.4AI Score
0.002EPSS
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
6.1CVSS
6.1AI Score
0.001EPSS
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
9.8CVSS
9.3AI Score
0.003EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
9.8CVSS
9.6AI Score
0.021EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
6.1CVSS
6.2AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
4.8CVSS
5.1AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
6.5CVSS
6.3AI Score
0.001EPSS
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
7.5CVSS
7.2AI Score
0.002EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
5.5CVSS
5AI Score
0.0004EPSS
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
8CVSS
7.7AI Score
0.0004EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
4.9CVSS
5.1AI Score
0.0004EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
8CVSS
7.9AI Score
0.0004EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
4.8CVSS
5.1AI Score
0.0004EPSS
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
3.5CVSS
3.9AI Score
0.0004EPSS
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
6.1CVSS
6.2AI Score
0.001EPSS