Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microfocus vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-1599
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x prior to 3.3.1 HF2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Microfocus Self Service Password Reset 3.0
Microfocus Self Service Password Reset 2.0
Microfocus Self Service Password Reset 3.1
Microfocus Self Service Password Reset 3.3
Microfocus Self Service Password Reset 3.3.1
Microfocus Self Service Password Reset 3.2
8.8
CVSSv3
CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9....
Microfocus Operations Bridge Manager 2020.05
Microfocus Operations Bridge Manager 2019.11
Microfocus Operations Bridge Manager 2019.05
Microfocus Operations Bridge Manager 2018.11
Microfocus Operations Bridge Manager 2018.05
Microfocus Operation Bridge Manager 10.11
Microfocus Operation Bridge Manager 10.12
Microfocus Operation Bridge Manager 10.60
Microfocus Operation Bridge Manager 10.61
Microfocus Operation Bridge Manager 10.62
Microfocus Operation Bridge Manager 10.63
Microfocus Operation Bridge Manager
Microfocus Operations Bridge Manager 2019.08
Microfocus Operations Bridge Manager 2018.08
Microfocus Operations Bridge Manager 2018.02
Microfocus Operations Bridge Manager 2017.11
Hp Universal Cmbd Foundation 10.20
Microfocus Application Performance Management 9.50
Microfocus Application Performance Management 9.40
Microfocus Application Performance Management 9.51
Microfocus Data Center Automation
Hp Universal Cmbd Foundation 2018.05
7.8
CVSSv3
CVE-2016-1990
HPE ArcSight ESM 5.x prior to 5.6, 6.0, 6.5.x prior to 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express prior to 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
Microfocus Arcsight Enterprise Security Manager
Microfocus Arcsight Enterprise Security Manager 6.0
Microfocus Arcsight Enterprise Security Manager 6.5
Microfocus Arcsight Enterprise Security Manager 6.9
Microfocus Arcsight Enterprise Security Manager 6.8
8
CVSSv3
CVE-2016-1991
HPE ArcSight ESM 5.x prior to 5.6, 6.0, 6.5.x prior to 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express prior to 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
Microfocus Arcsight Enterprise Security Manager 6.0
Microfocus Arcsight Enterprise Security Manager 6.8
Microfocus Arcsight Enterprise Security Manager
Microfocus Arcsight Enterprise Security Manager 6.5
Microfocus Arcsight Enterprise Security Manager 6.9
NA
CVE-2014-3460
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote malicious users to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
Microfocus Sentinel -
Microfocus Sentinel Agent Manager -
NA
CVE-2012-0432
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x prior to 8.8.7.2 allows remote malicious users to have an unspecified impact via unknown vectors.
Microfocus Edirectory 8.8.7.0
Microfocus Edirectory 8.8.7.1
2 EDB exploits
4.8
CVSSv3
CVE-2021-22499
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack.
Microfocus Application Performance Management 9.50
Microfocus Application Performance Management 9.40
Microfocus Application Performance Management 9.51
6.1
CVSSv3
CVE-2019-3490
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote malicious user to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions ...
Microfocus Open Enterprise Server 2015.1
Microfocus Open Enterprise Server 2018.0
Microfocus Open Enterprise Server 2018.1
9.8
CVSSv3
CVE-2018-6488
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
Microfocus Ucmdb Configuration Manager 4.10
Microfocus Ucmdb Configuration Manager 4.11
Microfocus Ucmdb Configuration Manager 4.12
6.5
CVSSv3
CVE-2021-22500
Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by malicious user to trick the users into executing actions of the attacker's choosing.
Microfocus Application Performance Management 9.50
Microfocus Application Performance Management 9.40
Microfocus Application Performance Management 9.51
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »