Vulnerabilities > Microfocus > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-12 | CVE-2021-22533 | Information Exposure Through Log Files vulnerability in Microfocus Edirectory Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | 9.1 |
| 2024-09-12 | CVE-2021-38132 | Server-Side Request Forgery (SSRF) vulnerability in Microfocus Edirectory Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. | 9.8 |
| 2024-08-28 | CVE-2021-22530 | Improper Restriction of Excessive Authentication Attempts vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. | 9.9 |
| 2024-05-28 | CVE-2024-3969 | XXE vulnerability in Microfocus Imanager 3.2.6 XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-15 | CVE-2024-3483 | Deserialization of Untrusted Data vulnerability in Microfocus Imanager Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | 9.8 |
| 2024-05-15 | CVE-2024-3484 | Path Traversal vulnerability in Microfocus Imanager 3.2.6 Path Traversal found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-15 | CVE-2024-3486 | XXE vulnerability in Microfocus Imanager 3.2.6 XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. | 9.8 |
| 2024-05-15 | CVE-2024-3487 | Improper Authentication vulnerability in Microfocus Imanager 3.2.6 Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication. | 9.8 |
| 2024-05-15 | CVE-2024-3488 | Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Imanager 3.2.6 File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. | 9.8 |
| 2024-05-15 | CVE-2024-3967 | Deserialization of Untrusted Data vulnerability in Microfocus Imanager 3.2.6 Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization. | 9.8 |