Micro Focus Security Vulnerabilities

CVE-2017-9282

An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2017-09-21 10:29 PM

CVE-2017-9283

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.

9.8 CVSS

9.2 AI Score

0.002 EPSS

2017-09-21 10:29 PM

CVE-2017-9285

NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

9.8 CVSS

9.3 AI Score

0.003 EPSS

2018-03-02 08:29 PM

CVE-2018-12464

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunc...

10 CVSS

8.2 AI Score

0.069 EPSS

2018-06-29 04:29 PM

CVE-2018-12465

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...

9.1 CVSS

8.4 AI Score

0.069 EPSS

2018-06-29 04:29 PM

CVE-2018-12468

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.

9.1 CVSS

7.3 AI Score

0.006 EPSS

2018-08-01 08:29 PM

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer ...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2018-10-12 01:29 PM

CVE-2018-12480

Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2018-11-15 01:29 PM

CVE-2018-17948

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.

6.1 CVSS

6.2 AI Score

0.001 EPSS

2018-11-20 06:29 PM

CVE-2018-17949

Cross site scripting vulnerability in iManager prior to 3.1 SP2.

6.1 CVSS

6 AI Score

0.001 EPSS

2018-12-12 02:29 PM

CVE-2018-17950

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2018-12-12 02:29 PM

CVE-2018-17952

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2.

6.1 CVSS

6 AI Score

0.001 EPSS

2018-12-12 02:29 PM

CVE-2018-18589

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.

8.8 CVSS

9 AI Score

0.004 EPSS

2018-10-23 05:29 PM

CVE-2018-18590

A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.

9.6 CVSS

8.4 AI Score

0.003 EPSS

2018-11-07 04:29 PM

CVE-2018-18591

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.

6.8 CVSS

6.3 AI Score

0.001 EPSS

2018-11-13 01:29 PM

CVE-2018-19641

Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

9.8 CVSS

9.6 AI Score

0.009 EPSS

2019-03-27 05:29 PM

CVE-2018-19642

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

7.5 CVSS

7.4 AI Score

0.001 EPSS

2019-03-27 05:29 PM

CVE-2018-19643

Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

7.5 CVSS

7.4 AI Score

0.002 EPSS

2019-03-27 06:29 PM

CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

6.1 CVSS

6.1 AI Score

0.001 EPSS

2019-03-27 06:29 PM

CVE-2018-19645

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

9.8 CVSS

9.3 AI Score

0.003 EPSS

2019-02-12 08:29 PM

CVE-2018-6486

XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. This vulnerability could be exploited to allow an XML External Entity (XXE) injection.

9.8 CVSS

9.4 AI Score

0.003 EPSS

2018-02-02 02:29 PM

CVE-2018-6487

Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.

9.8 CVSS

7.4 AI Score

0.003 EPSS

2018-02-20 09:29 PM

CVE-2018-6488

Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.

9.8 CVSS

9.4 AI Score

0.004 EPSS

2018-02-22 10:29 PM

CVE-2018-6489

XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE)

9.8 CVSS

9.2 AI Score

0.002 EPSS

2018-02-22 10:29 PM

CVE-2018-6491

Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.

9.8 CVSS

9.3 AI Score

0.005 EPSS

2018-04-24 01:29 AM

CVE-2018-6494

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

5.4 CVSS

6.1 AI Score

0.001 EPSS

2018-05-22 06:29 PM

CVE-2018-6495

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to a...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2018-05-23 06:29 PM

CVE-2018-6496

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMDB Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

8.8 CVSS

8.9 AI Score

0.001 EPSS

2018-06-16 01:29 AM

CVE-2018-6497

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMDB Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-sit...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2018-06-16 01:29 AM

CVE-2018-6498

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017...

9.8 CVSS

9.6 AI Score

0.047 EPSS

2018-08-30 09:29 PM

CVE-2018-6499

Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017...

9.8 CVSS

9.6 AI Score

0.06 EPSS

2018-08-30 09:29 PM

CVE-2018-6504

A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).

8.8 CVSS

8.7 AI Score

0.001 EPSS

2018-09-20 07:29 PM

CVE-2018-7675

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If an...

5.3 CVSS

5.1 AI Score

0.001 EPSS

2018-03-07 10:29 PM

CVE-2018-7679

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

9.8 CVSS

9.6 AI Score

0.021 EPSS

2018-06-21 07:29 PM

CVE-2018-7680

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.

6.1 CVSS

6.2 AI Score

0.001 EPSS

2018-06-21 07:29 PM

CVE-2018-7681

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.

4.8 CVSS

5.1 AI Score

0.001 EPSS

2018-06-21 07:29 PM

CVE-2018-7682

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2018-06-22 10:29 PM

CVE-2018-7683

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

7.5 CVSS

7.2 AI Score

0.002 EPSS

2018-06-21 07:29 PM

CVE-2018-7686

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.

7.5 CVSS

7.4 AI Score

0.007 EPSS

2018-08-09 09:29 PM

CVE-2018-7687

The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.

7.8 CVSS

7.7 AI Score

0.001 EPSS

2018-05-21 08:29 PM

CVE-2018-7690

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.

6.5 CVSS

6.4 AI Score

0.007 EPSS

2018-12-13 02:29 PM

CVE-2018-7691

A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.

6.5 CVSS

6.4 AI Score

0.007 EPSS

2018-12-13 02:29 PM

CVE-2018-7692

Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.

6.1 CVSS

6.2 AI Score

0.001 EPSS

2018-08-09 09:29 PM

CVE-2019-11646

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of...

8.8 CVSS

8.5 AI Score

0.001 EPSS

2019-06-03 05:29 PM

CVE-2019-11647

A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-06-24 04:15 PM

CVE-2019-11649

Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited ...

5.4 CVSS

5.4 AI Score

0.001 EPSS

2019-06-19 05:15 PM

CVE-2019-11650

A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.

5.9 CVSS

5.7 AI Score

0.001 EPSS

2019-07-10 07:15 PM

CVE-2019-11651

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-10-02 09:15 PM

CVE-2019-11652

A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.

9.8 CVSS

9.2 AI Score

0.004 EPSS

2019-08-14 04:15 PM

CVE-2019-11653

Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.

5.4 CVSS

5.4 AI Score

0.001 EPSS

2019-08-07 05:15 PM

Total number of security vulnerabilities: 240