Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microfocus Subscribe
Total 267 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3484 1 Microfocus 1 Imanager 2025-01-21 N/A 9.8 CRITICAL
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
CVE-2024-3485 1 Microfocus 1 Imanager 2025-01-21 N/A 7.5 HIGH
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure.
CVE-2024-3483 1 Microfocus 1 Imanager 2025-01-21 N/A 9.8 CRITICAL
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
CVE-2024-3967 1 Microfocus 1 Imanager 2025-01-21 N/A 9.8 CRITICAL
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
CVE-2024-3968 1 Microfocus 1 Imanager 2025-01-21 N/A 9.8 CRITICAL
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
CVE-2024-3970 1 Microfocus 1 Imanager 2025-01-21 N/A 7.5 HIGH
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.
CVE-2023-24470 1 Microfocus 1 Arcsight Logger 2025-01-06 N/A 9.1 CRITICAL
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
CVE-2023-24469 1 Microfocus 1 Arcsight Logger 2025-01-03 N/A 6.1 MEDIUM
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0
CVE-2024-9841 1 Microfocus 2 Arcsight Management Center, Arcsight Platform 2024-11-13 N/A 6.1 MEDIUM
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
CVE-2020-11859 1 Microfocus 1 Imanager 2024-11-08 N/A 5.4 MEDIUM
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
CVE-2023-32261 1 Microfocus 1 Dimensions Cm 2024-10-29 N/A 6.5 MEDIUM
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/
CVE-2024-4211 1 Microfocus 1 Application Automation Tools 2024-10-21 N/A 2.4 LOW
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVE-2024-4692 1 Microfocus 1 Application Automation Tools 2024-10-21 N/A 2.4 LOW
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVE-2024-4690 1 Microfocus 1 Application Automation Tools 2024-10-21 N/A 8.0 HIGH
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVE-2024-4184 1 Microfocus 1 Application Automation Tools 2024-10-21 N/A 8.0 HIGH
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVE-2024-4189 1 Microfocus 1 Application Automation Tools 2024-10-21 N/A 8.0 HIGH
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
CVE-2024-4554 1 Microfocus 1 Netiq Access Manager 2024-09-19 N/A 5.4 MEDIUM
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
CVE-2021-22503 1 Microfocus 1 Edirectory 2024-09-19 N/A 6.1 MEDIUM
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000.
CVE-2021-22533 1 Microfocus 1 Edirectory 2024-09-19 N/A 9.1 CRITICAL
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
CVE-2021-22532 1 Microfocus 1 Edirectory 2024-09-19 N/A 7.5 HIGH
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000.