A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.
Max CVSS
6.8
EPSS Score
0.06%
Published
2018-11-13
Updated
2019-10-09
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. This vulnerability could allow for information disclosure.
Max CVSS
9.6
EPSS Score
0.23%
Published
2018-11-07
Updated
2019-10-09
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.
Max CVSS
8.8
EPSS Score
0.44%
Published
2018-10-23
Updated
2020-08-24
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-12-12
Updated
2018-12-31
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
Max CVSS
7.5
EPSS Score
0.08%
Published
2018-12-12
Updated
2019-10-03
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-12-12
Updated
2019-01-02
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-11-20
Updated
2018-12-26
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-11-15
Updated
2018-12-27
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
Max CVSS
7.5
EPSS Score
0.10%
Published
2018-10-12
Updated
2019-10-09
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
Max CVSS
9.1
EPSS Score
0.39%
Published
2018-08-01
Updated
2019-10-09

CVE-2018-12465

Public exploit
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
Max CVSS
9.1
EPSS Score
7.15%
Published
2018-06-29
Updated
2019-10-09

CVE-2018-12464

Public exploit
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
Max CVSS
10.0
EPSS Score
10.97%
Published
2018-06-29
Updated
2019-10-09
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-08-09
Updated
2021-04-13
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Max CVSS
6.5
EPSS Score
0.63%
Published
2018-12-13
Updated
2019-10-09
A potential Remote Unauthorized Access in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10 this exploitation could allow Remote Unauthorized Access
Max CVSS
6.5
EPSS Score
0.63%
Published
2018-12-13
Updated
2019-10-09
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.
Max CVSS
7.8
EPSS Score
0.05%
Published
2018-05-21
Updated
2019-10-09
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.
Max CVSS
7.5
EPSS Score
0.65%
Published
2018-08-09
Updated
2021-04-13
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
Max CVSS
7.5
EPSS Score
0.17%
Published
2018-06-21
Updated
2021-04-09
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
Max CVSS
6.5
EPSS Score
0.07%
Published
2018-06-22
Updated
2021-04-09
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Max CVSS
4.8
EPSS Score
0.05%
Published
2018-06-21
Updated
2021-04-09
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
Max CVSS
6.1
EPSS Score
0.08%
Published
2018-06-21
Updated
2021-04-09
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Max CVSS
9.8
EPSS Score
1.78%
Published
2018-06-21
Updated
2021-04-09
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to timeout so that it requires the user to re-authenticate. If another user is passing by and decides to login, their credentials are accepted. While The user does not inherit any of the other users privileges, they are able to view the previous screen. In this case it is possible that the user can see another users events or configuration information for whatever view is currently showing.
Max CVSS
5.3
EPSS Score
0.07%
Published
2018-03-07
Updated
2021-04-13
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).
Max CVSS
8.8
EPSS Score
0.10%
Published
2018-09-20
Updated
2020-01-17
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
Max CVSS
9.8
EPSS Score
8.63%
Published
2018-08-30
Updated
2019-10-09
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!