CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microfocus : Security Vulnerabilities Published In 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-11669 863 2019-09-10 2019-09-11
5.0
None Remote Low Not required None Partial None
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
2 CVE-2019-11668 200 +Info 2019-09-10 2019-09-11
5.0
None Remote Low Not required Partial None None
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.
3 CVE-2019-11667 200 +Info 2019-09-17 2019-09-18
5.0
None Remote Low Not required Partial None None
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.
4 CVE-2019-11666 502 2019-09-17 2019-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
5 CVE-2019-11665 200 +Info 2019-09-17 2019-09-18
5.0
None Remote Low Not required Partial None None
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
6 CVE-2019-11664 522 2019-09-18 2019-09-19
4.0
None Remote Low Single system Partial None None
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
7 CVE-2019-11663 522 2019-09-18 2019-09-19
4.0
None Remote Low Single system Partial None None
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
8 CVE-2019-11662 209 2019-09-18 2019-09-19
4.0
None Remote Low Single system Partial None None
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
9 CVE-2019-11661 863 2019-09-18 2019-09-19
6.5
None Remote Low Single system Partial Partial Partial
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
10 CVE-2019-11660 269 2019-09-13 2019-09-16
7.2
None Local Low Not required Complete Complete Complete
Privileges manipulation in Micro Focus Data Protector, versions 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40. This vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
11 CVE-2019-11658 200 +Info 2019-08-30 2019-08-30
4.0
None Remote Low Single system Partial None None
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
12 CVE-2019-11654 22 Dir. Trav. 2019-08-23 2019-10-09
5.0
None Remote Low Not required Partial None None
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files.
13 CVE-2019-11653 284 Bypass 2019-08-07 2019-10-10
5.5
None Remote Low Single system Partial Partial None
Remote Access Control Bypass in Micro Focus Content Manager. versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user?s CheckIn request.
14 CVE-2019-11651 79 XSS 2019-10-02 2019-10-10
4.3
None Remote Medium Not required None Partial None
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
15 CVE-2019-11649 79 Exec Code XSS 2019-06-19 2019-10-10
3.5
None Remote Medium Single system None Partial None
Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user?s browser. The vulnerability could be exploited to execute JavaScript code in user?s browser.
16 CVE-2019-11647 79 XSS 2019-06-24 2019-07-09
4.3
None Remote Medium Not required None Partial None
A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.
17 CVE-2019-11646 77 Exec Code 2019-06-03 2019-06-04
9.0
None Remote Low Single system Complete Complete Complete
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.
18 CVE-2019-3493 94 Exec Code 2019-04-29 2019-05-01
6.5
None Remote Low Single system Partial Partial Partial
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions. The vulnerability could be remotely exploited to Remote Code Execution.
19 CVE-2019-3490 79 XSS 2019-05-02 2019-05-06
4.3
None Remote Medium Not required None Partial None
A DOM based XSS vulnerability has been identified in the Netstorage component of Open Enterprise Server (OES) allowing a remote attacker to execute javascript in the victims browser by tricking the victim into clicking on a specially crafted link. This affects OES versions OES2015SP1, OES2018, and OES2018SP1. Older versions may be affected but were not tested as they are out of support.
20 CVE-2019-3489 434 2019-04-01 2019-04-02
5.0
None Remote Low Not required None Partial None
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
21 CVE-2019-3477 601 2019-06-07 2019-06-10
5.8
None Remote Medium Not required Partial Partial None
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
22 CVE-2019-3475 284 2019-02-20 2019-10-09
7.2
None Local Low Not required Complete Complete Complete
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
23 CVE-2019-3474 22 Dir. Trav. 2019-02-20 2019-10-09
4.0
None Remote Low Single system Partial None None
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
24 CVE-2018-19644 79 XSS 2019-03-27 2019-10-09
4.3
None Remote Medium Not required None Partial None
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
25 CVE-2018-19643 200 +Info 2019-03-27 2019-10-09
5.0
None Remote Low Not required Partial None None
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
26 CVE-2018-19642 20 DoS 2019-03-27 2019-10-09
5.0
None Remote Low Not required None None Partial
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
27 CVE-2018-19641 94 Exec Code 2019-03-27 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
28 CVE-2016-1600 200 +Info 2019-05-09 2019-05-10
5.0
None Remote Low Not required Partial None None
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.