Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-22 | CVE-2018-6494 | SQL Injection vulnerability in Microfocus Service Manager Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | 5.4 |
| 2018-05-21 | CVE-2018-7687 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Client 2.0 The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 7.8 |
| 2018-04-24 | CVE-2018-6491 | Unspecified vulnerability in Microfocus Ucmdb Configuration Manager Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. | 9.8 |
| 2018-03-07 | CVE-2018-7675 | Information Exposure vulnerability in Microfocus Sentinel In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. | 5.3 |
| 2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
| 2018-03-02 | CVE-2017-7429 | Improper Certificate Validation vulnerability in multiple products The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | 8.8 |
| 2018-02-22 | CVE-2018-6489 | XXE vulnerability in Microfocus Project and Portfolio Management Center 9.32 XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 9.8 |
| 2018-02-22 | CVE-2018-6488 | Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12 Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. | 9.8 |
| 2018-02-20 | CVE-2018-6487 | Information Exposure vulnerability in Microfocus Universal Cmdb Foundation Software Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. | 7.5 |
| 2018-02-15 | CVE-2017-8993 | Cross-site Scripting vulnerability in Microfocus Project and Portfolio Management A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | 5.4 |