Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2021-38135 Unspecified vulnerability in Microfocus Imanager
Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
 9.8
9.8
2024-11-22 CVE-2023-24466 Unspecified vulnerability in Microfocus Imanager
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus
critical
 9.8
9.8
2024-11-22 CVE-2023-24467 Unspecified vulnerability in Microfocus Imanager
Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000.
network
low complexity
microfocus
critical
 9.8
9.8
2024-09-12 CVE-2021-22533 Information Exposure Through Log Files vulnerability in Microfocus Edirectory
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
network
low complexity
microfocus CWE-532
critical
 9.1
9.1
2024-09-12 CVE-2021-38132 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Edirectory
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory.
network
low complexity
microfocus CWE-918
critical
 9.8
9.8
2024-08-28 CVE-2021-22530 Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login.
network
low complexity
microfocus CWE-307
critical
 9.9
9.9
2024-05-28 CVE-2024-3969 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2024-05-15 CVE-2024-3483 Deserialization of Untrusted Data vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
network
low complexity
microfocus CWE-502
critical
 9.8
9.8
2024-05-15 CVE-2024-3484 Path Traversal vulnerability in Microfocus Imanager
Path Traversal found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-22
critical
 9.8
9.8
2024-05-15 CVE-2024-3486 XXE vulnerability in Microfocus Imanager
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8