Filtered by vendor Microfocus
Subscribe
Total
221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-12469 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | |||||
CVE-2018-18590 | 1 Microfocus | 1 Operations Bridge | 2023-12-10 | 5.8 MEDIUM | 8.8 HIGH |
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure. | |||||
CVE-2019-3474 | 2 Microfocus, Suse | 2 Filr, Suse Linux Enterprise Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. | |||||
CVE-2018-18589 | 1 Microfocus | 1 Real User Monitoring | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code. | |||||
CVE-2018-6504 | 1 Microfocus | 1 Arcsight Management Center | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). | |||||
CVE-2018-17952 | 1 Microfocus | 1 Edirectory | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | |||||
CVE-2018-17950 | 1 Microfocus | 1 Edirectory | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2 | |||||
CVE-2018-17949 | 1 Microfocus | 1 Imanager | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting vulnerability in iManager prior to 3.1 SP2. | |||||
CVE-2018-12468 | 1 Microfocus | 1 Groupwise | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution. | |||||
CVE-2018-19645 | 1 Microfocus | 1 Solutions Business Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
CVE-2018-18591 | 1 Microfocus | 1 Service Manager | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||||
CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | |||||
CVE-2018-6499 | 1 Microfocus | 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | |||||
CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | |||||
CVE-2018-6489 | 1 Microfocus | 1 Project And Portfolio Management Center | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) | |||||
CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | |||||
CVE-2018-6488 | 1 Microfocus | 1 Ucmdb Configuration Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution. | |||||
CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||
CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | |||||
CVE-2018-7681 | 1 Microfocus | 1 Solutions Business Manager | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. |