Vulnerabilities > Microfocus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-28 | CVE-2024-4555 | Improper Privilege Management vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | 7.5 |
| 2024-08-28 | CVE-2024-4556 | Path Traversal vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | 7.5 |
| 2024-08-21 | CVE-2020-11846 | Unspecified vulnerability in Microfocus Netiq Privileged Access Manager 3.7 A vulnerability found in OpenText Privileged Access Manager that issues a token. | 7.5 |
| 2024-08-21 | CVE-2020-11847 | OS Command Injection vulnerability in Microfocus Netiq Privileged Access Manager 3.7 SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. | 7.8 |
| 2024-08-21 | CVE-2020-11850 | Cross-site Scripting vulnerability in Microfocus Netiq Self Service Password Reset Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | 6.1 |
| 2024-05-28 | CVE-2024-3969 | XXE vulnerability in Microfocus Imanager XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-28 | CVE-2024-4429 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Imanager Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. | 7.4 |
| 2024-05-15 | CVE-2024-3483 | Deserialization of Untrusted Data vulnerability in Microfocus Imanager Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | 9.8 |
| 2024-05-15 | CVE-2024-3484 | Path Traversal vulnerability in Microfocus Imanager Path Traversal found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-15 | CVE-2024-3485 | Server-Side Request Forgery (SSRF) vulnerability in Microfocus Imanager Server Side Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. | 7.5 |