Vulnerabilities (CVE)

52 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11651 1 Microfocus 2 Enterprise Developer, Enterprise Server 2019-10-10 4.3
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a...
CVE-2019-11653 1 Microfocus 1 Content Manager 2019-10-10 5.5
Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user's CheckIn request.
CVE-2019-3475 1 Microfocus 1 Filr 2019-10-09 7.2
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3474 1 Microfocus 1 Filr 2019-10-09 4.0
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of...
CVE-2019-11654 1 Microfocus 1 Verastream Host Integrato 2019-10-09 5.0
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
CVE-2018-7691 1 Microfocus 1 Fortify Software Security Center 2019-10-09 4.0
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.
CVE-2018-7690 1 Microfocus 1 Fortify Software Security Center 2019-10-09 4.0
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. This exploitation could allow Remote Unauthorized Access.
CVE-2018-7687 1 Microfocus 1 Client 2019-10-09 4.6
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
CVE-2018-6497 1 Microfocus 1 Cms Server 2019-10-09 6.8
Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMDB Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could...
CVE-2018-6491 1 Microfocus 1 Ucmdb Configuration Manager 2019-10-09 7.2
Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited for Local Escalation of Privilege.
CVE-2018-6487 1 Microfocus 1 Universal Cmdb Foundation Software 2019-10-09 5.0
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. This vulnerability could be remotely exploited to allow disclosure of information.
CVE-2018-18591 1 Microfocus 1 Service Manager 2019-10-09 4.0
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized...
CVE-2018-18590 1 Microfocus 1 Operations Bridge 2019-10-09 5.8
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
CVE-2018-18589 1 Microfocus 1 Real User Monitoring 2019-10-09 6.5
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
CVE-2018-12469 1 Microfocus 2 Enterprise Developer, Enterprise Server 2019-10-09 5.0
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12,...
CVE-2017-7424 1 Microfocus 2 Enterprise Server, Enterprise Developer 2019-10-09 4.0
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files...
CVE-2017-7423 1 Microfocus 2 Enterprise Server, Enterprise Developer 2019-10-09 6.8
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge...
CVE-2017-7421 1 Microfocus 4 Enterprise Server Monitor And Control, Enterprise Server, Enterprise Developer and 1 more 2019-10-09 4.3
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise...
CVE-2017-5187 1 Microfocus 4 Enterprise Server Monitor And Control, Enterprise Server, Enterprise Developer and 1 more 2019-10-09 6.8
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2...
CVE-2017-14362 1 Microfocus 1 Project And Portfolio Management 2019-10-09 6.8
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.