Vulnerabilities > Microfocus

DATE CVE VULNERABILITY TITLE RISK
2018-03-02 CVE-2017-7429 Improper Certificate Validation vulnerability in multiple products
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
network
low complexity
netiq microfocus CWE-295
8.8
2018-02-22 CVE-2018-6489 XXE vulnerability in Microfocus Project and Portfolio Management Center 9.32
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
network
low complexity
microfocus CWE-611
critical
9.8
2018-02-22 CVE-2018-6488 Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12.
network
low complexity
microfocus CWE-94
critical
9.8
2018-02-20 CVE-2018-6487 Information Exposure vulnerability in Microfocus Universal Cmdb Foundation Software
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11.
network
low complexity
microfocus CWE-200
7.5
2018-02-15 CVE-2017-8993 Cross-site Scripting vulnerability in Microfocus Project and Portfolio Management
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
network
low complexity
microfocus CWE-79
5.4
2018-02-02 CVE-2018-6486 XXE vulnerability in Microfocus products
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10.
network
low complexity
microfocus CWE-611
critical
9.8
2017-12-21 CVE-2017-14363 Cross-site Scripting vulnerability in Microfocus Operations Manager I 10.60/10.61/10.62
Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62.
network
low complexity
microfocus CWE-79
5.4
2017-12-13 CVE-2017-14362 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
network
low complexity
microfocus CWE-352
7.3
2017-12-13 CVE-2017-14361 Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
network
high complexity
microfocus
7.4
2017-12-05 CVE-2017-14355 Unspecified vulnerability in Microfocus Connected Backup 8.6/8.8.6
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6.
local
low complexity
microfocus
7.8