Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-28 | CVE-2021-38120 | Command Injection vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. | 7.2 |
| 2024-08-28 | CVE-2021-38121 | Inadequate Encryption Strength vulnerability in Microfocus Netiq Advanced Authentication Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | 8.8 |
| 2024-08-28 | CVE-2021-38122 | Cross-site Scripting vulnerability in Microfocus Netiq Advanced Authentication A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | 8.2 |
| 2024-08-28 | CVE-2024-4554 | Cross-site Scripting vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1. | 5.4 |
| 2024-08-28 | CVE-2024-4555 | Improper Privilege Management vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | 7.5 |
| 2024-08-28 | CVE-2024-4556 | Path Traversal vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | 7.5 |
| 2024-08-21 | CVE-2020-11846 | Unspecified vulnerability in Microfocus Netiq Privileged Access Manager 3.7 A vulnerability found in OpenText Privileged Access Manager that issues a token. | 7.5 |
| 2024-08-21 | CVE-2020-11847 | OS Command Injection vulnerability in Microfocus Netiq Privileged Access Manager 3.7 SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. | 7.8 |
| 2024-08-21 | CVE-2020-11850 | Cross-site Scripting vulnerability in Microfocus Netiq Self Service Password Reset Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | 6.1 |
| 2024-05-28 | CVE-2024-3969 | XXE vulnerability in Microfocus Imanager XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |