Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microfocus vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2016-1599
Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x prior to 3.3.1 HF2 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Microfocus Self Service Password Reset 3.0
Microfocus Self Service Password Reset 2.0
Microfocus Self Service Password Reset 3.1
Microfocus Self Service Password Reset 3.3
Microfocus Self Service Password Reset 3.3.1
Microfocus Self Service Password Reset 3.2
8.8
CVSSv3
CVE-2020-11853
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9....
Microfocus Operations Bridge Manager 2020.05
Microfocus Operations Bridge Manager 2019.11
Microfocus Operations Bridge Manager 2019.05
Microfocus Operations Bridge Manager 2018.11
Microfocus Operations Bridge Manager 2018.05
Microfocus Operation Bridge Manager 10.11
Microfocus Operation Bridge Manager 10.12
Microfocus Operation Bridge Manager 10.60
Microfocus Operation Bridge Manager 10.61
Microfocus Operation Bridge Manager 10.62
Microfocus Operation Bridge Manager 10.63
Microfocus Operation Bridge Manager
Microfocus Operations Bridge Manager 2019.08
Microfocus Operations Bridge Manager 2018.08
Microfocus Operations Bridge Manager 2018.02
Microfocus Operations Bridge Manager 2017.11
Hp Universal Cmbd Foundation 10.20
Microfocus Application Performance Management 9.50
Microfocus Application Performance Management 9.40
Microfocus Application Performance Management 9.51
Microfocus Data Center Automation
Hp Universal Cmbd Foundation 2018.05
8
CVSSv3
CVE-2016-1991
HPE ArcSight ESM 5.x prior to 5.6, 6.0, 6.5.x prior to 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express prior to 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
Microfocus Arcsight Enterprise Security Manager 6.0
Microfocus Arcsight Enterprise Security Manager 6.8
Microfocus Arcsight Enterprise Security Manager
Microfocus Arcsight Enterprise Security Manager 6.5
Microfocus Arcsight Enterprise Security Manager 6.9
7.8
CVSSv3
CVE-2016-1990
HPE ArcSight ESM 5.x prior to 5.6, 6.0, 6.5.x prior to 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express prior to 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
Microfocus Arcsight Enterprise Security Manager
Microfocus Arcsight Enterprise Security Manager 6.0
Microfocus Arcsight Enterprise Security Manager 6.5
Microfocus Arcsight Enterprise Security Manager 6.9
Microfocus Arcsight Enterprise Security Manager 6.8
NA
CVE-2012-0432
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x prior to 8.8.7.2 allows remote malicious users to have an unspecified impact via unknown vectors.
Microfocus Edirectory 8.8.7.0
Microfocus Edirectory 8.8.7.1
2 EDB exploits
NA
CVE-2014-3460
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote malicious users to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
Microfocus Sentinel -
Microfocus Sentinel Agent Manager -
9.8
CVSSv3
CVE-2021-22514
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote malicious users to execute arbitrary code on affected installations of APM.
Microfocus Application Performance Management 9.50
Microfocus Application Performance Management 9.40
Microfocus Application Performance Management 9.51
9.8
CVSSv3
CVE-2018-6488
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow Arbitrary Code Execution.
Microfocus Ucmdb Configuration Manager 4.10
Microfocus Ucmdb Configuration Manager 4.11
Microfocus Ucmdb Configuration Manager 4.12
7.5
CVSSv3
CVE-2019-11654
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and previous versions, The vulnerability allows remote unauthenticated malicious users to read arbitrary files.
Microfocus Verastream Host Integrator 7.5
Microfocus Verastream Host Integrator 7.6
Microfocus Verastream Host Integrator 7.7
5.4
CVSSv3
CVE-2017-14363
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).
Microfocus Operations Manager I 10.60
Microfocus Operations Manager I 10.61
Microfocus Operations Manager I 10.62
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »