Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2021-38131 | Cross-site Scripting vulnerability in Microfocus Edirectory Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | 6.1 |
| 2024-09-12 | CVE-2021-38132 | Server-Side Request Forgery (SSRF) vulnerability in Microfocus Edirectory Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. | 9.8 |
| 2024-09-12 | CVE-2021-38133 | Weak Password Requirements vulnerability in Microfocus Edirectory Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. | 6.5 |
| 2024-08-28 | CVE-2021-22509 | Cleartext Storage of Sensitive Information vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in storing and reusing information in Advance Authentication. | 6.5 |
| 2024-08-28 | CVE-2021-22529 | Unspecified vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. | 5.5 |
| 2024-08-28 | CVE-2021-22530 | Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. | 9.9 |
| 2024-08-28 | CVE-2021-38120 | Command Injection vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. | 7.2 |
| 2024-08-28 | CVE-2021-38121 | Inadequate Encryption Strength vulnerability in Microfocus Netiq Advanced Authentication Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | 8.8 |
| 2024-08-28 | CVE-2021-38122 | Cross-site Scripting vulnerability in Microfocus Netiq Advanced Authentication A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | 8.2 |
| 2024-08-28 | CVE-2024-4554 | Cross-site Scripting vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. | 5.4 |