Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microfocus vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-11842
Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated malicious users to view information they may not have been authorized to vi...
Microfocus Verastream Host Integrator
Microfocus Verastream Host Integrator 7.8
8.8
CVSSv3
CVE-2020-9523
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version before 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an malicious user to transmit hashed credentials for the u...
Microfocus Enterprise Developer 4.0
Microfocus Enterprise Developer 5.0
Microfocus Enterprise Developer
Microfocus Enterprise Server 4.0
Microfocus Enterprise Server 5.0
Microfocus Enterprise Server
8.8
CVSSv3
CVE-2020-9521
An SQL injection vulnerability exists in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the pr...
Microfocus Service Manager Automation 2019.05
Microfocus Service Manager Automation 2019.02
Microfocus Service Manager Automation 2018.08
Microfocus Service Manager Automation 2018.05
Microfocus Service Manager Automation 2018.02
Microfocus Service Manager Automation 2019.08
5.4
CVSSv3
CVE-2020-9520
A stored XSS vulnerability exists in Micro Focus Vibe, affecting all Vibe version before 4.0.7. The vulnerability could allows a remote malicious user to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker contr...
Microfocus Vibe
5.3
CVSSv3
CVE-2020-9518
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Microfocus Service Manager
5.3
CVSSv3
CVE-2020-9519
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Microfocus Service Manager
5.4
CVSSv3
CVE-2020-9517
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Microfocus Service Manager 9.50
Microfocus Service Manager 9.60
1 Github repository
8.8
CVSSv3
CVE-2019-11657
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
Microfocus Arcsight Logger
7.5
CVSSv3
CVE-2019-17087
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
Microfocus Acutoweb
6.5
CVSSv3
CVE-2019-17085
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Microfocus Operations Agent 12.01
Microfocus Operations Agent 12.02
Microfocus Operations Agent 12.03
Microfocus Operations Agent 12.04
Microfocus Operations Agent 12.05
Microfocus Operations Agent 12.06
Microfocus Operations Agent 12.10
Microfocus Operations Agent 12.11
Microfocus Operations Agent 12.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »