Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-12 CVE-2021-22533 Information Exposure Through Log Files vulnerability in Microfocus Edirectory
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000.
network
low complexity
microfocus CWE-532
critical
9.1
2024-09-12 CVE-2021-38132 Server-Side Request Forgery (SSRF) vulnerability in Microfocus Edirectory
Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory.
network
low complexity
microfocus CWE-918
critical
9.8
2024-08-28 CVE-2021-22530 Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication
A vulnerability was identified in NetIQ Advanced Authentication, which doesn't enforce account lockout when a brute-force attack is performed on API-based login.
network
low complexity
microfocus CWE-307
critical
9.9
2023-11-08 CVE-2023-5913 Unspecified vulnerability in Microfocus Fortify Scancentral Dast
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST.
network
low complexity
microfocus
critical
9.8
2023-09-12 CVE-2023-4501 Improper Authentication vulnerability in Microfocus products
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations.
network
low complexity
microfocus CWE-287
critical
9.8
2023-06-13 CVE-2023-24470 XXE vulnerability in Microfocus Arcsight Logger
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
network
low complexity
microfocus CWE-611
critical
9.1
2023-03-15 CVE-2023-24468 Unspecified vulnerability in Microfocus Netiq Advanced Authentication
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2.
network
low complexity
microfocus
critical
9.8
2022-04-11 CVE-2021-38125 Unspecified vulnerability in Microfocus Operations Bridge 2021.05/2021.08/2022.11
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08.
network
low complexity
microfocus
critical
9.8
2021-09-28 CVE-2021-38124 Command Injection vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5.
network
low complexity
microfocus CWE-77
critical
9.8
2021-05-28 CVE-2021-22519 Unspecified vulnerability in Microfocus Sitescope
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40, 11.41, 2018.05 (11.50), 2018.08 (11.51), 2018.11 (11.60), 2019.02 (11.70), 2019.05 (11.80), 2019.08 (11.90), 2019.11 (11.91), 2020.05 (11.92), 2020.10 (11.93).
network
low complexity
microfocus
critical
9.8