Vulnerabilities > Microfocus

DATE CVE VULNERABILITY TITLE RISK
2021-09-28 CVE-2021-22535 Incorrect Authorization vulnerability in Microfocus Netiq Directory and Resource Administrator
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1.
low complexity
microfocus CWE-863
2.7
2021-09-28 CVE-2021-38124 Command Injection vulnerability in Microfocus Arcsight Enterprise Security Manager
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5.
network
low complexity
microfocus CWE-77
7.5
2021-09-13 CVE-2021-22524 XML Injection (aka Blind XPath Injection) vulnerability in Microfocus Access Manager 5.0
Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
network
low complexity
microfocus CWE-91
4.0
2021-09-13 CVE-2021-22526 Open Redirect vulnerability in Microfocus Access Manager 5.0
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
5.8
2021-09-13 CVE-2021-22527 Information Exposure vulnerability in Microfocus Access Manager 5.0
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
network
low complexity
microfocus CWE-200
5.0
2021-09-13 CVE-2021-22528 Cross-site Scripting vulnerability in Microfocus Access Manager 5.0
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
network
microfocus CWE-79
3.5
2021-09-07 CVE-2021-38123 Open Redirect vulnerability in Microfocus Network Automation
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05.
5.8
2021-09-02 CVE-2021-22525 Exposure of Resource to Wrong Sphere vulnerability in Microfocus Access Manager
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
local
low complexity
microfocus CWE-668
2.1
2021-08-05 CVE-2021-22517 Improper Privilege Management vulnerability in Microfocus Data Protector
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector.
network
low complexity
microfocus CWE-269
6.5
2021-07-30 CVE-2021-22521 Incorrect Authorization vulnerability in Microfocus products
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions.
local
low complexity
microfocus CWE-863
7.2