CVEdetails.com the ultimate security vulnerability data source

Microfocus : Security Vulnerabilities Published In 2019

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2019-17087 200 +Info 2019-12-11 2019-12-19
5.0
None Remote Low Not required Partial None None
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
2 CVE-2019-17085 611 2019-11-18 2019-11-21
4.0
None Remote Low ??? None None Partial
XXE attack vulnerability on Micro Focus Operations Agent, affected versions 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
3 CVE-2019-11674 295 2019-10-22 2019-10-24
4.3
None Remote Medium Not required None Partial None
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack.
4 CVE-2019-11669 2019-09-10 2020-08-24
5.0
None Remote Low Not required None Partial None
Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
5 CVE-2019-11668 2019-09-10 2020-08-24
5.0
None Remote Low Not required Partial None None
HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, and Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, and Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.
6 CVE-2019-11667 2019-09-17 2020-08-24
5.0
None Remote Low Not required Partial None None
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.
7 CVE-2019-11666 502 2019-09-17 2019-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
8 CVE-2019-11665 2019-09-17 2020-08-24
5.0
None Remote Low Not required Partial None None
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
9 CVE-2019-11664 522 2019-09-18 2019-09-19
4.0
None Remote Low ??? Partial None None
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
10 CVE-2019-11663 522 2019-09-18 2019-09-19
4.0
None Remote Low ??? Partial None None
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
11 CVE-2019-11662 209 2019-09-18 2019-09-19
4.0
None Remote Low ??? Partial None None
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
12 CVE-2019-11661 2019-09-18 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
13 CVE-2019-11660 426 2019-09-13 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
14 CVE-2019-11658 200 +Info 2019-08-30 2019-08-30
4.0
None Remote Low ??? Partial None None
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability, when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
15 CVE-2019-11657 352 CSRF 2019-12-17 2019-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
16 CVE-2019-11654 22 Dir. Trav. 2019-08-23 2021-05-12
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.
17 CVE-2019-11653 Bypass 2019-08-07 2020-08-24
5.5
None Remote Low ??? Partial Partial None
Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request.
18 CVE-2019-11652 Bypass 2019-08-14 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate.
19 CVE-2019-11651 79 XSS 2019-10-02 2019-10-10
4.3
None Remote Medium Not required None Partial None
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
20 CVE-2019-11650 2019-07-10 2020-08-24
4.3
None Remote Medium Not required None None Partial
A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.
21 CVE-2019-11649 79 Exec Code XSS 2019-06-19 2021-05-12
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in the user’s browser.
22 CVE-2019-11647 79 XSS 2019-06-24 2019-07-09
4.3
None Remote Medium Not required None Partial None
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
23 CVE-2019-11646 Exec Code 2019-06-03 2020-08-24
9.0
None Remote Low ??? Complete Complete Complete
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow remote unauthorized command execution and unauthorized disclosure of information.
24 CVE-2019-5736 78 Exec Code 2019-02-11 2021-04-13
9.3
None Remote Medium Not required Complete Complete Complete
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
25 CVE-2019-3493 94 Exec Code 2019-04-29 2019-05-01
6.5
None Remote Low ??? Partial Partial Partial
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to allow remote code execution.
26 CVE-2019-3490 79 XSS 2019-05-02 2019-05-06
4.3
None Remote Medium Not required None Partial None
A DOM-based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES), allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.
27 CVE-2019-3489 434 2019-04-01 2019-04-02
5.0
None Remote Low Not required None Partial None
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
28 CVE-2019-3477 601 2019-06-07 2019-06-10
5.8
None Remote Medium Not required Partial Partial None
Micro Focus Solutions Business Manager versions prior to 11.4.2 are susceptible to open redirect.
29 CVE-2019-3476 20 Exec Code 2019-03-25 2019-03-26
7.5
None Remote Low Not required Partial Partial Partial
Remote arbitrary code execution in Micro Focus Data Protector, version 10.03. This vulnerability could allow remote arbitrary code execution.
30 CVE-2018-19645 287 Bypass 2019-02-12 2019-02-13
7.5
None Remote Low Not required Partial Partial Partial
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
31 CVE-2018-19644 79 XSS 2019-03-27 2019-10-09
4.3
None Remote Medium Not required None Partial None
Reflected cross-site scripting issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
32 CVE-2018-19643 200 +Info 2019-03-27 2019-10-09
5.0
None Remote Low Not required Partial None None
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
33 CVE-2018-19642 20 DoS 2019-03-27 2019-10-09
5.0
None Remote Low Not required None None Partial
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
34 CVE-2018-19641 94 Exec Code 2019-03-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
35 CVE-2016-9166 264 2019-03-21 2019-03-27
5.0
None Remote Low Not required None Partial None
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
36 CVE-2016-1600 200 +Info 2019-05-09 2019-05-10
5.0
None Remote Low Not required Partial None None
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 is susceptible to an information disclosure vulnerability.
Total number of vulnerabilities: 36