Microfocus: Security Vulnerabilities
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-09
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
CVSS Score
9.1
EPSS Score
0.011
Published
2018-08-01
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CVSS Score
10.0
EPSS Score
0.764
Published
2018-06-29
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
CVSS Score
9.1
EPSS Score
0.822
Published
2018-06-29
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.017
Published
2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-21
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).
CVSS Score
7.5
EPSS Score
0.002
Published
2018-06-16