Vulnerabilities > Microfocus

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2021-22515 Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.
network
low complexity
microfocus CWE-863
4.0
2021-06-04 CVE-2021-22516 Information Exposure Through LOG Files vulnerability in Microfocus Secure API Manager 2.0.0
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0.
network
low complexity
microfocus CWE-532
5.0
2021-05-28 CVE-2021-22519 Code Injection vulnerability in Microfocus Sitescope
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93).
network
low complexity
microfocus CWE-94
7.5
2021-04-28 CVE-2021-22514 Code Injection vulnerability in Microfocus Application Performance Management 9.40/9.50/9.51
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51.
network
low complexity
microfocus CWE-94
7.5
2021-04-08 CVE-2021-22513 Missing Authorization vulnerability in Microfocus Application Automation Tools
Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.
network
low complexity
microfocus CWE-862
4.0
2021-04-08 CVE-2021-22512 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Application Automation Tools
Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.
4.3
2021-04-08 CVE-2021-22511 Improper Certificate Validation vulnerability in Microfocus Application Automation Tools
Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.
network
low complexity
microfocus CWE-295
6.4
2021-04-08 CVE-2021-22510 Cross-Site Scripting vulnerability in Microfocus Application Automation Tools
Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin.
network
microfocus CWE-79
4.3
2021-04-08 CVE-2021-22507 Improper Authentication vulnerability in Microfocus Operations Bridge Manager
Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10.
network
low complexity
microfocus CWE-287
7.5
2021-03-26 CVE-2021-22506 Information Exposure vulnerability in Microfocus Access Manager
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0.
network
low complexity
microfocus CWE-200
5.0