Filtered by vendor Microfocus
Total: 267 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-3476 | 1 Microfocus | 1 Data Protector | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution. | |||||
CVE-2019-18942 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 2.3 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. | |||||
CVE-2019-18945 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 5.2 MEDIUM | 8.0 HIGH |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation. | |||||
CVE-2019-18947 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 2.7 LOW | 3.5 LOW |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. | |||||
CVE-2019-18943 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 5.2 MEDIUM | 8.0 HIGH |
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | |||||
CVE-2019-18946 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 3.8 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. | |||||
CVE-2019-18944 | 1 Microfocus | 1 Solutions Business Manager | 2023-11-07 | 2.3 LOW | 4.8 MEDIUM |
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | |||||
CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | |||||
CVE-2019-17085 | 1 Microfocus | 1 Operations Agent | 2023-11-07 | 4.0 MEDIUM | 6.5 MEDIUM |
XXE attack vulnerability in Micro Focus Operations Agent, affected versions 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to perform an XXE attack on Operations Agent. | |||||
CVE-2019-11651 | 1 Microfocus | 2 Enterprise Developer, Enterprise Server | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. | |||||
CVE-2019-11658 | 1 Microfocus | 1 Content Manager | 2023-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. When the product is configured to use an Oracle database, this vulnerability allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. | |||||
CVE-2019-11665 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure. | |||||
CVE-2019-11646 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow remote unauthorized command execution and unauthorized disclosure of information. | |||||
CVE-2019-11668 | 1 Microfocus | 3 Service Manager, Service Manager Chat Server, Service Manager Chat Service | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62; and Micro Focus Service Manager Chat Service, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. | |||||
CVE-2019-11660 | 1 Microfocus | 1 Data Protector | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges. | |||||
CVE-2019-11652 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. | |||||
CVE-2019-11654 | 1 Microfocus | 1 Verastream Host Integrator | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files. | |||||
CVE-2019-11661 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 6.5 MEDIUM | 8.3 HIGH |
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data. | |||||
CVE-2019-11666 | 1 Microfocus | 1 Service Manager | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data. | |||||
CVE-2019-11657 | 1 Microfocus | 1 Arcsight Logger | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
Cross-Site Request Forgery vulnerability in Micro Focus ArcSight Logger, affecting all product versions below version 7.0. The vulnerability could be exploited to perform a CSRF attack. |