Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-29 | CVE-2018-12464 | SQL Injection vulnerability in Microfocus Secure Messaging Gateway A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. | 9.8 |
| 2018-06-22 | CVE-2018-7682 | Information Exposure Through Log Files vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | 6.5 |
| 2018-06-21 | CVE-2018-7683 | Information Exposure Through Log Files vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | 7.5 |
| 2018-06-21 | CVE-2018-7681 | Cross-site Scripting vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. | 4.8 |
| 2018-06-21 | CVE-2018-7680 | Cross-site Scripting vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | 6.1 |
| 2018-06-21 | CVE-2018-7679 | Improper Input Validation vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution. | 9.8 |
| 2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-06-16 | CVE-2018-6496 | Deserialization of Untrusted Data vulnerability in Microfocus Universal Cmbd Browser Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-05-23 | CVE-2018-6495 | Cross-site Scripting vulnerability in Microfocus CMS Server, Universal Cmdb and Universal Cmdb Browser Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. | 5.4 |
| 2018-05-22 | CVE-2018-6494 | SQL Injection vulnerability in Microfocus Service Manager Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | 5.4 |