Microfocus Security Vulnerabilities

CVE-2021-22532

Possible NLDAP Denial of Service attack vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.

CVSS: 7.6

AI Score: 7.6

EPSS: 0.0005

2024-09-12 01:15 PM

CVE-2021-22533

Possible Insertion of Sensitive Information into Log File vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.

CVSS: 9.1

AI Score: 6.6

EPSS: 0.001

2024-09-12 01:15 PM

CVE-2021-22535

Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

CVSS: 4.9

AI Score: 4.8

EPSS: 0.001

2021-09-28 02:15 PM

CVE-2021-38120

A vulnerability identified in Advance Authentication allows bash command injection in the administrator-controlled backup functionality due to improper handling of provided command parameters. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.

CVSS: 7.2

AI Score: 5.6

EPSS: 0.0005

2024-08-28 07:15 AM

CVE-2021-38121

Insufficient or weak TLS protocol version identified in Advance Authentication client-server communication when a specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.

CVSS: 8.8

AI Score: 8.5

EPSS: 0.001

2024-08-28 07:15 AM

CVE-2021-38122

A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication impacts server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1.

CVSS: 8.2

AI Score: 6.2

EPSS: 0.001

2024-08-28 07:15 AM

CVE-2021-38123

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication.

CVSS: 6.1

AI Score: 6.1

EPSS: 0.001

2021-09-07 05:15 PM

CVE-2021-38124

Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.

CVSS: 9.8

AI Score: 9.8

EPSS: 0.012

2021-09-28 02:15 PM

CVE-2021-38125

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticate...

CVSS: 9.8

AI Score: 9.8

EPSS: 0.006

2022-04-11 08:15 PM

CVE-2021-38126

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

CVSS: 6.1

AI Score: 6.4

EPSS: 0.001

2022-01-14 08:15 PM

CVE-2021-38127

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

CVSS: 6.1

AI Score: 6.4

EPSS: 0.001

2022-01-14 08:15 PM

CVE-2021-38129

Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.

CVSS: 3.3

AI Score: 4

EPSS: 0.0004

2022-01-25 08:15 PM

CVE-2021-38130

A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.

CVSS: 6.5

AI Score: 6.2

EPSS: 0.001

2022-02-04 11:15 PM

CVE-2021-38131

Possible Cross-Site Scripting (XSS) vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000.

CVSS: 6.1

AI Score: 5.4

EPSS: 0.0005

2024-09-12 01:15 PM

CVE-2021-38132

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000.

CVSS: 9.8

AI Score: 5.4

EPSS: 0.001

2024-09-12 01:15 PM

CVE-2021-38133

Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000.

CVSS: 7.4

AI Score: 7.5

EPSS: 0.001

2024-09-12 01:15 PM

CVE-2022-26325

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2

CVSS: 6.1

AI Score: 5.9

EPSS: 0.001

2022-05-02 07:15 PM

CVE-2022-26326

Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2

CVSS: 6.1

AI Score: 6.2

EPSS: 0.001

2022-05-02 07:15 PM

CVE-2022-26330

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions...

CVSS: 7.5

AI Score: 7.3

EPSS: 0.002

2022-08-31 04:15 PM

CVE-2022-26331

Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2022-08-31 04:15 PM

CVE-2022-38753

This update resolves a multi-factor authentication bypass attack

CVSS: 6.3

AI Score: 6.5

EPSS: 0.001

2022-11-28 10:15 PM

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

CVSS: 8

AI Score: 5.2

EPSS: 0.001

2022-12-08 04:15 PM

CVE-2022-38755

A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior ...

CVSS: 5.3

AI Score: 5.3

EPSS: 0.001

2022-11-21 05:15 PM

CVE-2022-38756

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

CVSS: 4.3

AI Score: 4.3

EPSS: 0.001

2022-12-16 11:15 PM

CVE-2022-38757

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone bu...

CVSS: 7.2

AI Score: 6.9

EPSS: 0.003

2022-12-23 04:15 PM

CVE-2023-24468

Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2

CVSS: 9.8

AI Score: 9.3

EPSS: 0.003

2023-03-15 11:15 PM

CVE-2023-24469

Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2023-06-13 10:15 PM

CVE-2023-24470

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.

CVSS: 9.1

AI Score: 9.2

EPSS: 0.002

2023-06-13 11:15 PM

CVE-2023-32261

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jen...

CVSS: 6.5

AI Score: 6.2

EPSS: 0.001

2023-07-19 04:15 PM

CVE-2023-32262

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenk...

CVSS: 6.5

AI Score: 6.3

EPSS: 0.001

2023-07-19 04:15 PM

CVE-2023-32263

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the ...

CVSS: 5.7

AI Score: 5.3

EPSS: 0.001

2023-07-19 04:15 PM

CVE-2023-32265

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exp...

CVSS: 7.1

AI Score: 6.3

EPSS: 0.001

2023-07-20 02:15 PM

CVE-2023-32267

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.

CVSS: 8.8

AI Score: 8.5

EPSS: 0.001

2023-08-11 02:15 PM

CVE-2023-32268

Exposure of Proxy Administrator Credentials. An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators.

CVSS: 7.2

AI Score: 6.9

EPSS: 0.001

2023-12-06 02:15 PM

CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, a...

CVSS: 9.8

AI Score: 9.3

EPSS: 0.002

2023-09-12 07:15 PM

CVE-2023-4964

Potential open redirect vulnerability in OpenText Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and OpenText Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to ...

CVSS: 8.2

AI Score: 6.2

EPSS: 0.001

2023-10-30 03:15 PM

CVE-2023-5913

Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

CVSS: 9.8

AI Score: 9.5

EPSS: 0.001

2023-11-08 05:15 PM

CVE-2024-4554

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.

CVSS: 7.3

AI Score: 6.6

EPSS: 0.0004

2024-08-28 07:15 AM

CVE-2024-4555

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in a specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1.

CVSS: 7.7

AI Score: 7.6

EPSS: 0.0005

2024-08-28 07:15 AM

CVE-2024-4556

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access to sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.

CVSS: 7.5

AI Score: 5.6

EPSS: 0.001

2024-08-28 07:15 AM

Total number of security vulnerabilities: 240