Filtered by vendor Microfocus
Subscriptions
Total
221 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11647 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2023-11-07 | N/A |
| A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | ||||
| CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2023-11-07 | N/A |
| Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. | ||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2023-11-07 | N/A |
| Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | ||||
| CVE-2018-7691 | 1 Microfocus | 1 Fortify Software Security Center | 2023-11-07 | N/A |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | ||||
| CVE-2018-7690 | 1 Microfocus | 1 Fortify Software Security Center | 2023-11-07 | N/A |
| A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access | ||||
| CVE-2018-7687 | 1 Microfocus | 1 Client | 2023-11-07 | N/A |
| The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | ||||
| CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2023-11-07 | N/A |
| Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | ||||
| CVE-2018-7683 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | ||||
| CVE-2018-7682 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | ||||
| CVE-2018-7681 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system. | ||||
| CVE-2018-7680 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | ||||
| CVE-2018-7679 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | N/A |
| Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. | ||||
| CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2023-11-07 | N/A |
| In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing. | ||||
| CVE-2018-6504 | 1 Microfocus | 1 Arcsight Management Center | 2023-11-07 | 8.8 High |
| A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF). | ||||
| CVE-2018-6499 | 1 Microfocus | 9 Autopass License Server, Data Center Automation, Hybrid Cloud Management and 6 more | 2023-11-07 | N/A |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | ||||
| CVE-2018-6498 | 1 Microfocus | 5 Data Center Automation, Hybrid Cloud Management, Network Operations Management and 2 more | 2023-11-07 | N/A |
| Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | ||||
| CVE-2018-6497 | 1 Microfocus | 2 Cms Server, Universal Cmbd Server | 2023-11-07 | 8.8 High |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | ||||
| CVE-2018-6496 | 1 Microfocus | 1 Universal Cmbd Browser | 2023-11-07 | 8.8 High |
| Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | ||||
| CVE-2018-6495 | 1 Microfocus | 3 Cms Server, Universal Cmdb, Universal Cmdb Browser | 2023-11-07 | 5.4 Medium |
| Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). | ||||
| CVE-2018-6494 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 5.4 Medium |
| Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | ||||