Microfocus: Security Vulnerabilities
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope.
CVSS Score
9.8
EPSS Score
0.018
Published
2021-05-28
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
CVSS Score
9.8
EPSS Score
0.018
Published
2021-04-28
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15. The vulnerability could be exploited to escalate privileges and execute code under the account of the Operations Agent.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-04-13
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
CVSS Score
3.8
EPSS Score
0.002
Published
2021-04-12
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects all version 6.7 and earlier versions.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-04-08
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow unconditionally disabling of SSL/TLS certificates.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow form validation without permission checks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow access without permission checks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-04-08
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-04-08
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-03-26