Latest Microfocus Vulnerabilities

CVE-2023-32268
Administrator equivalent Filr user can access proxy administrator credentials
Microfocus Filr<23.2.1
CVE-2023-5913
A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.
Microfocus Fortify Scancentral Dast=21.1
Microfocus Fortify Scancentral Dast=21.2
Microfocus Fortify Scancentral Dast=21.2.1
Microfocus Fortify Scancentral Dast=22.1
Microfocus Fortify Scancentral Dast=22.1.1
Microfocus Fortify Scancentral Dast=22.2
and 1 more
CVE-2023-4964
Potential open redirect vulnerability in opentext SMAX and AMX product.
Microfocus Asset Management X=2021.08
Microfocus Asset Management X=2021.11
Microfocus Asset Management X=2022.05
Microfocus Asset Management X=2022.11
Microfocus Service Management Automation X=2020.05
Microfocus Service Management Automation X=2020.08
and 7 more
CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants ...
Microfocus Cobol Server=7.0-patch_update_19
Microfocus Cobol Server=7.0-patch_update_20
Microfocus Cobol Server=8.0-patch_update_8
Microfocus Cobol Server=8.0-patch_update_9
Microfocus Cobol Server=9.0-patch_update_1
Microfocus Enterprise Developer=7.0-patch_update_19
and 19 more
CVE-2023-32267
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.
Microfocus Arcsight Management Center<3.2.1
CVE-2023-32265
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Vi...
Microfocus Cobol Server=6.0
Microfocus Cobol Server=7.0
Microfocus Cobol Server=8.0
Microfocus Enterprise Developer=6.0
Microfocus Enterprise Developer=7.0
Microfocus Enterprise Developer=8.0
and 9 more
CVE-2023-32262
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials ...
Microfocus Dimensions Cm>=0.8.17<0.9.3.1
maven/org.jenkins-ci.plugins:dimensionsscm<=0.9.3
CVE-2023-32263
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is dup...
Microfocus Dimensions Cm>=0.8.17<=0.9.3
maven/org.jenkins-ci.plugins:dimensionsscm>=0.8.17<=0.9.3
>=0.8.17<=0.9.3
CVE-2023-32261
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of cred...
Microfocus Dimensions Cm>=0.8.17<0.9.3.1
maven/org.jenkins-ci.plugins:dimensionsscm<=0.9.3
CVE-2023-24470
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
Microfocus Arcsight Logger<7.3.0
CVE-2023-24469
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0
Microfocus Arcsight Logger<=7.3.0
CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set...
Microfocus Zenworks<2020
Microfocus Zenworks=2020
Microfocus Zenworks=2020-update1
Microfocus Zenworks=2020-update2
Microfocus Zenworks=2020-update3
Microfocus Zenworks=2020-update3a
CVE-2022-38756
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the q...
Microfocus Groupwise<18.4.2
CVE-2022-38754
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user t...
Micro Focus Operations Bridge Manager<2022.11
Micro Focus Operations Bridge Manager<2022.11
CVE-2022-38753
This update resolves a multi-factor authentication bypass attack
Microfocus Netiq Advanced Authentication<6.4
Microfocus Netiq Advanced Authentication=6.4
CVE-2022-38755
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the sy...
Microfocus Filr<4.3.1.1
CVE-2022-26330
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). ...
Microfocus Arcsight Logger<7.2.2
CVE-2022-26331
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). ...
Microfocus Arcsight Logger<7.2.2
CVE-2021-22531
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
Microfocus Access Manager=4.5
Microfocus Access Manager=4.5-hotfix1
Microfocus Access Manager=4.5-sp1
Microfocus Access Manager=4.5-sp1_hotfix1
Microfocus Access Manager=4.5-sp1_hotfix2
Microfocus Access Manager=4.5-sp2
and 9 more
CVE-2022-26326
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Microfocus Netiq Access Manager<5.0.2
CVE-2021-38125
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the depl...
Micro Focus Operations Bridge Manager>=2021.08
Micro Focus Operations Bridge Manager=2021.05
CVE-2021-38130
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an informati...
Microfocus Voltage Securemail<7.3.0.1
CVE-2021-38129
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local...
Microfocus Operations Agent>=12.0<=12.21
CVE-2021-38126
Microfocus Arcsight Enterprise Security Manager=7.4
Microfocus Arcsight Enterprise Security Manager=7.5
CVE-2021-38127
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cro...
Microfocus Arcsight Enterprise Security Manager=7.4
Microfocus Arcsight Enterprise Security Manager=7.5
CVE-2021-22535
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could ...
Microfocus Netiq Directory And Resource Administrator<10.1.0.1
CVE-2021-38124
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote co...
Microfocus Arcsight Enterprise Security Manager>=7.0.2<=7.5
CVE-2021-22527
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Microfocus Access Manager>=4.5.0<4.5.4
Microfocus Access Manager>=5.0<5.0.1
CVE-2021-22528
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Microfocus Access Manager>=4.5.0<4.5.4
Microfocus Access Manager>=5.0<5.0.1
CVE-2021-22526
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Microfocus Access Manager>=4.5.0<4.5.4
Microfocus Access Manager>=5.0<5.0.1
CVE-2021-22524
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Microfocus Access Manager>=4.5.0<4.5.4
Microfocus Access Manager>=5.0<5.0.1
CVE-2021-22525
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
Microfocus Access Manager<5.0.1
CVE-2021-22523
Microfocus Verastream Host Integrator<7.8
Microfocus Verastream Host Integrator=7.8
Microfocus Verastream Host Integrator=7.8-update_1
CVE-2021-22522
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confide...
Microfocus Verastream Host Integrator<7.8
Microfocus Verastream Host Integrator=7.8
Microfocus Verastream Host Integrator=7.8-update_1
CVE-2021-22515
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
Microfocus Netiq Advanced Authentication<6.3
Microfocus Netiq Advanced Authentication=6.3
Microfocus Netiq Advanced Authentication=6.3-sp1
Microfocus Netiq Advanced Authentication=6.3-sp2
Microfocus Netiq Advanced Authentication=6.3-sp3
Microfocus Netiq Advanced Authentication=6.3-sp4
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being i...
Microfocus Secure Api Manager=2.0.0
CVE-2021-22519
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), ...
Microfocus Sitescope=11.40
Microfocus Sitescope=11.41
Microfocus Sitescope=11.50
Microfocus Sitescope=11.51
Microfocus Sitescope=11.60
Microfocus Sitescope=11.70
and 5 more
CVE-2021-22514
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute ar...
Microfocus Application Performance Management=9.40
Microfocus Application Performance Management=9.50
Microfocus Application Performance Management=9.51
CVE-2021-22497
Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue.
Microfocus Netiq Advanced Authentication<6.3
Microfocus Netiq Advanced Authentication=6.3
Microfocus Netiq Advanced Authentication=6.3-sp1
Microfocus Netiq Advanced Authentication=6.3-sp2
Microfocus Netiq Advanced Authentication=6.3-sp3
CVE-2021-22510
Microfocus Application Automation Tools<=6.7
maven/org.jenkins-ci.plugins:hp-application-automation-tools-plugin<=6.7
CVE-2021-22512
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could...
Microfocus Application Automation Tools<=6.7
maven/org.jenkins-ci.plugins:hp-application-automation-tools-plugin<=6.7
CVE-2021-22513
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The vulnerability affects version 6.7 and earlier versions. The vulnerability could allow acces...
Microfocus Application Automation Tools<=6.7
maven/org.jenkins-ci.plugins:hp-application-automation-tools-plugin<=6.7
CVE-2021-22507
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authe...
Micro Focus Operations Bridge Manager=2019.05
Micro Focus Operations Bridge Manager=2019.11
Micro Focus Operations Bridge Manager=2020.05
Micro Focus Operations Bridge Manager=2020.10
CVE-2020-25840
Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction.
Microfocus Access Manager<5.0
CVE-2021-22506
Micro Focus Access Manager Information Leakage Vulnerability
Microfocus Access Manager<5.0
CVE-2021-22496
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
Microfocus Access Manager<4.5.3.3
CVE-2019-18943
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
Microfocus Solutions Business Manager<11.7.1
CVE-2019-18946
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
Microfocus Solutions Business Manager<11.7.1
CVE-2019-18942
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
Microfocus Solutions Business Manager<11.7.1
CVE-2019-18945
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
Microfocus Solutions Business Manager<11.7.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203