Microfocus: Security Vulnerabilities
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-09-10
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
CVSS Score
4.3
EPSS Score
0.002
Published
2019-08-30
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVSS Score
8.6
EPSS Score
0.014
Published
2019-08-23
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
CVSS Score
5.4
EPSS Score
0.001
Published
2019-08-07
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
CVSS Score
5.9
EPSS Score
0.003
Published
2019-07-10
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-24
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The vulnerability could be exploited to execute JavaScript code in user’s browser.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-06-19
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-07
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-06-03