Filtered by vendor Microfocus
Subscribe
Total
268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8993 | 1 Microfocus | 1 Project And Portfolio Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
|
|||||
| CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
|
|||||
| CVE-2016-9166 | 1 Microfocus | 1 Netiq Edirectory | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
|
|||||
| CVE-2016-1600 | 1 Microfocus | 1 Identity Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
|
|||||
| CVE-2009-5153 | 1 Microfocus | 1 Netware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
|
|||||
| CVE-2024-9841 | 1 Microfocus | 2 Arcsight Management Center, Arcsight Platform | 2024-11-13 | N/A | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
|
|||||
| CVE-2020-11859 | 1 Microfocus | 1 Imanager | 2024-11-08 | N/A | 5.4 MEDIUM |
|
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
|
|||||
| CVE-2024-4211 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 2.4 LOW |
|
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers.
This issue affects OpenText Appli ...
Show More |
|||||
| CVE-2024-4692 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 2.4 LOW |
|
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels.
Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names.
This issue affects OpenText Application Automation Tools: 24.1 ...
Show More |
|||||
| CVE-2024-4690 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2024-4184 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2024-4189 | 1 Microfocus | 1 Application Automation Tools | 2024-10-21 | N/A | 8.0 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
|
|||||
| CVE-2021-22503 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 6.1 MEDIUM |
|
Possible
Improper Neutralization of Input During Web Page Generation Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.3.0000.
|
|||||
| CVE-2021-22533 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 9.1 CRITICAL |
|
Possible Insertion of Sensitive Information into Log File Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.4.0000.
|
|||||
| CVE-2021-22532 | 1 Microfocus | 1 Edirectory | 2024-09-19 | N/A | 7.5 HIGH |
|
Possible NLDAP Denial of Service attack Vulnerability
in eDirectory has been discovered in
OpenText™
eDirectory before 9.2.4.0000.
|
|||||
| CVE-2021-38133 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 6.5 MEDIUM |
|
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
|
|||||
| CVE-2021-38132 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 9.8 CRITICAL |
|
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
|
|||||
| CVE-2021-38131 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 6.1 MEDIUM |
|
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
|
|||||
| CVE-2021-22509 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 6.5 MEDIUM |
|
A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1
|
|||||
| CVE-2021-38120 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 7.2 HIGH |
|
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper
handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
|
|||||
| CVE-2021-38121 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.8 HIGH |
|
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1
|
|||||
| CVE-2021-38122 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 8.2 HIGH |
|
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.
This issue affects NetIQ Advance Authentication before 6.3.5.1
|
|||||
| CVE-2021-22529 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 5.5 MEDIUM |
|
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
|
|||||
| CVE-2021-22530 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-09-13 | N/A | 9.9 CRITICAL |
|
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
|
|||||
| CVE-2024-4556 | 1 Microfocus | 1 Netiq Access Manager | 2024-09-12 | N/A | 7.5 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
|
|||||
| CVE-2020-11847 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.8 HIGH |
|
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
|
|||||
| CVE-2020-11846 | 1 Microfocus | 1 Netiq Privileged Access Manager | 2024-08-23 | N/A | 7.5 HIGH |
|
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
|
|||||
| CVE-2020-11850 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-23 | N/A | 6.1 MEDIUM |
|
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
|
|||||