17 matches found
CVE-2019-18947
Micro Focus Solutions Business Manager (SBM) Application Repository prior to version 11.7.1 is vulnerable to information disclosure. The issue arises from configuration and operational errors within a networked SBM deployment, allowing an unauthenticated or limited-privilege attacker to obtain se...
CVE-2019-18945
CVE-2019-18945 affects Micro Focus Solutions Business Manager Application Repository. A privilege escalation vulnerability is present in SBM/Serena SBM versions prior to 11.7.1. Exploitation details are not provided in the supplied documents, but multiple sources confirm the issue, with an explic...
CVE-2019-18943
CVE-2019-18943 affects Micro Focus Solutions Business Manager (SBM) prior to version 11.7.1, where XML External Entity Processing (XXE) on certain operations creates the vulnerability. Affected product/versions: SBM up to 11.7.0. Root cause: XXE vulnerability in SBM’s XML processing. Impact detai...
CVE-2019-18946
CVE-2019-18946 concerns Micro Focus Solutions Business Manager (SBM) Application Repository versions prior to 11.7.1 , where a session fixation vulnerability is present. The connected sources corroborate the issue is tied to SBM prior to the 11.7.1 release. Root cause details are limited in the p...
CVE-2019-18944
The CVE-2019-18944 affects Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 and is described as a reflected XSS vulnerability. Connected sources corroborate the issue as a cross‑site scripting flaw in SBM prior to 11.7.1. The exact exploit details and affecte...
CVE-2019-18942
Micro Focus Solutions Business Manager (SBM) before version 11.7.1 is vulnerable to stored XSS because the web application reflects stored input without proper encoding. Affected product: SBM (Serena/Micro Focus SBM). Root cause: lack of input encoding leading to client-side script execution. Imp...
CVE-2019-3477
CVE-2019-3477 affects Micro Focus Solution/ SBM (Serena Solutions Business Manager) versions prior to 11.4.2, with an open redirect vulnerability. The issue is attributed to improper input handling (input validation error) in SBM prior to 11.4.2, enabling redirection to attacker-controlled sites....
CVE-2018-19643
The CVE describes an information leakage vulnerability in Micro Focus Solutions Business Manager (SBM, formerly Serena SBM) versions prior to 11.5. Affected product: SBM. Issue: information disclosure vulnerability (no root-cause details provided in the sources). Impact: potential exposure of sen...
CVE-2018-19641
The CVE-2018-19641 entry concerns Micro Focus Solutions Business Manager (SBM) before version 11.5, with an unauthenticated remote code execution vulnerability. The connected records (NVD, CNVD, CVE list) corroborate the affected product and version range but do not provide detailed root-cause, e...
CVE-2018-7680
The CVE-2018-7680 entry concerns Micro Focus Solutions Business Manager versions prior to 11.4, where the product can reflect back HTTP header values. This is supported by NVD data (reflect back HTTP header values) and CNVD/PRION/other entries referencing SBM pre-11.4. The connected documents do ...
CVE-2018-19645
CVE-2018-19645 is an authentication bypass vulnerability in Solutions Business Manager (SBM, formerly Serena SBM) affecting versions prior to 11.5. CVSSv3 base score 9.8 (CRITICAL); attack vector NETWORK, no privileges required, no user interaction. Root cause details are not specified beyond aut...
CVE-2018-19644
CVE-2018-19644 affects Micro Focus Solutions Business Manager (SBM, formerly Serena SBM) and SBM versions prior to 11.5. The connected documents describe a reflected cross-site scripting vulnerability that allows a remote attacker to inject arbitrary web script or HTML into SBM’s web context.
CVE-2018-7681
Micro Focus Solutions Business Manager (SBM) prior to version 11.4 is affected by a cross-site scripting (XSS) vulnerability that allows JavaScript to be embedded in URLs placed in the Favorites folder. The issue can impact other users when an administrator with sufficient privileges interacts wi...
CVE-2018-7679
CVE-2018-7679 is a remote code execution vulnerability in Micro Focus SBM. Connected CNVD/NVD entries describe SBM versions prior to 11.4 where ASP.NET is configured with execute permission on virtual directories and user avatar images are not validated, enabling an attacker to run arbitrary code...
CVE-2018-7683
CVE-2018-7683 affects Micro Focus Solutions Business Manager (SBM) prior to version 11.4, with an information disclosure exposing sensitive data via server log files. Multiple connected sources corroborate the same impact, referencing SBM before 11.4. The root cause, vulnerable component details,...
CVE-2018-19642
Technical details about CVE-2018-19642 are not publicly available in the provided connected documents. Monitoring for updates is recommended; current documents only confirm a Denial of Service issue in Micro Focus SBM prior to 11.5.
CVE-2018-7682
Micro Focus Solutions Business Manager (SBM) prior to version 11.4 is affected by a cross-domain call vulnerability affecting SBM RESTful services. The CVE entry notes that an attacker could invoke SBM RESTful endpoints across domains, implying potential information exposure or unintended access ...