Microfocus: Security Vulnerabilities
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-20
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-15
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.
CVSS Score
6.8
EPSS Score
0.002
Published
2018-11-13
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
CVSS Score
9.6
EPSS Score
0.002
Published
2018-11-07
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
CVSS Score
6.3
EPSS Score
0.015
Published
2018-10-23
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-10-12
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-20
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
CVSS Score
8.8
EPSS Score
0.033
Published
2018-08-30
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
CVSS Score
7.1
EPSS Score
0.016
Published
2018-08-30
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-08-09