Filtered by vendor Microfocus
Total: 268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5765 | 1 Microfocus | 4 Host Access Management And Security Server, Reflection For The Web, Reflection Security Gateway and 1 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326 and MSS 12.2 before 12.2.342 and RSG 12.1 before 12.1.362 and RWeb 12.3 before 12.3.312 and RWeb 12.2 before 12.2.342 and RWeb 12.1 before 12.1.362 ...
|
|||||
| CVE-2014-5216 | 1 Microfocus | 1 Access Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
|
|||||
| CVE-2016-5764 | 1 Microfocus | 1 Rumba Ftp | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.
|
|||||
| CVE-2016-9176 | 1 Microfocus | 1 Rumba | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
|
|||||
| CVE-2014-5214 | 1 Microfocus | 1 Access Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
|
nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2012-5932 | 1 Microfocus | 1 Privileged User Manager | 2025-04-11 | 10.0 HIGH | N/A |
|
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
|
|||||
| CVE-2013-4815 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5931 | 1 Microfocus | 1 Privileged User Manager | 2025-04-11 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
|
|||||
| CVE-2012-0428 | 1 Microfocus | 1 Edirectory | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2012-5930 | 1 Microfocus | 1 Privileged User Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 does not require authentication for the modifyAccounts method, which allows remote attackers to change the passwords of administrative accounts via a crafted application/x-amf request.
|
|||||
| CVE-2012-0432 | 1 Microfocus | 1 Edirectory | 2025-04-11 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
|
|||||
| CVE-2012-0430 | 1 Microfocus | 1 Edirectory | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors.
|
|||||
| CVE-2012-0429 | 1 Microfocus | 1 Edirectory | 2025-04-11 | 4.0 MEDIUM | N/A |
|
dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request.
|
|||||
| CVE-2023-24467 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
|
|||||
| CVE-2023-24466 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 7.5 HIGH |
|
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
|
|||||
| CVE-2021-38117 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Command Injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
|
|||||
| CVE-2022-26324 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 7.6 HIGH |
|
Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.
|
|||||
| CVE-2021-38116 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 8.8 HIGH |
|
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5.
|
|||||
| CVE-2021-38119 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 6.1 MEDIUM |
|
Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000.
|
|||||
| CVE-2021-38134 | 1 Microfocus | 1 Imanager | 2025-04-10 | N/A | 6.1 MEDIUM |
|
Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000.
|
|||||
| CVE-2008-7126 | 1 Microfocus | 1 Visibroker | 2025-04-09 | 10.0 HIGH | N/A |
|
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2008-7127 | 1 Microfocus | 1 Visibroker | 2025-04-09 | 5.0 MEDIUM | N/A |
|
osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet with a large string length value to UDP port 14000, which triggers a memory allocation failure that is not properly handled.
|
|||||
| CVE-2001-0208 | 1 Microfocus | 1 Cobol | 2025-04-03 | 4.6 MEDIUM | N/A |
|
MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files.
|
|||||
| CVE-2024-0622 | 1 Microfocus | 1 Operations Agent | 2025-01-23 | N/A | 8.8 HIGH |
|
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
|
|||||
| CVE-2024-3486 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
|
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
|
|||||
| CVE-2024-3487 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 3.5 LOW |
|
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
|
|||||
| CVE-2024-3488 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.6 MEDIUM |
|
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication.
|
|||||
| CVE-2024-3969 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
|
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing an untrusted XML payload.
|
|||||
| CVE-2024-4429 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.4 MEDIUM |
|
Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.
|
|||||
| CVE-2024-3484 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.7 MEDIUM |
|
Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
|
|||||
| CVE-2024-3485 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.3 MEDIUM |
|
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure.
|
|||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
|
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
|
|||||
| CVE-2024-3967 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.6 HIGH |
|
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
|
|||||
| CVE-2024-3968 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 7.8 HIGH |
|
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using a custom file upload task.
|
|||||
| CVE-2024-3970 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 5.3 MEDIUM |
|
Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal.
|
|||||
| CVE-2023-24470 | 1 Microfocus | 1 Arcsight Logger | 2025-01-06 | N/A | 9.1 CRITICAL |
|
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
|
|||||
| CVE-2023-24469 | 1 Microfocus | 1 Arcsight Logger | 2025-01-03 | N/A | 6.1 MEDIUM |
|
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0.
|
|||||
| CVE-2023-5913 | 1 Microfocus | 1 Fortify Scancentral Dast | 2024-11-21 | N/A | 8.2 HIGH |
|
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
|
|||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-11-21 | N/A | 8.2 HIGH |
|
Potential open redirect vulnerability in OpenText Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and OpenText Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.
|
|||||
| CVE-2023-4501 | 1 Microfocus | 5 Cobol Server, Enterprise Developer, Enterprise Server and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the p ...
|
|||||