Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-07 | CVE-2018-18590 | Information Exposure vulnerability in Microfocus Operations Bridge A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. | 8.8 |
| 2018-10-23 | CVE-2018-18589 | Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. | 8.8 |
| 2018-10-12 | CVE-2018-12469 | NULL Pointer Dereference vulnerability in Microfocus Enterprise Developer and Enterprise Server Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | 7.5 |
| 2018-09-20 | CVE-2018-6504 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. | 8.8 |
| 2018-08-30 | CVE-2018-6499 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-08-30 | CVE-2018-6498 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-08-09 | CVE-2018-7692 | Open Redirect vulnerability in Microfocus Edirectory Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | 6.1 |
| 2018-08-09 | CVE-2018-7686 | Information Exposure vulnerability in Microfocus Edirectory Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | 7.5 |
| 2018-08-01 | CVE-2018-12468 | Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Groupwise 18/18.0.1 A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. | 7.2 |
| 2018-06-29 | CVE-2018-12465 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. | 7.2 |