Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-05-15 CVE-2024-3968 Unspecified vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
network
low complexity
microfocus
critical
 9.8
9.8
2023-11-08 CVE-2023-5913 Unspecified vulnerability in Microfocus Fortify Scancentral Dast
Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST.
network
low complexity
microfocus
critical
 9.8
9.8
2023-09-12 CVE-2023-4501 Improper Authentication vulnerability in Microfocus products
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations.
network
low complexity
microfocus CWE-287
critical
 9.8
9.8
2023-06-13 CVE-2023-24470 XXE vulnerability in Microfocus Arcsight Logger
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
network
low complexity
microfocus CWE-611
critical
 9.1
9.1
2023-03-15 CVE-2023-24468 Unspecified vulnerability in Microfocus Netiq Advanced Authentication
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
network
low complexity
microfocus
critical
 9.8
9.8
2022-04-11 CVE-2021-38125 Unspecified vulnerability in Microfocus Operations Bridge 2021.05/2021.08/2022.11
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08.
network
low complexity
microfocus
critical
 9.8
9.8
2021-09-28 CVE-2021-38124 Command Injection vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5.
network
low complexity
microfocus CWE-77
critical
 9.8
9.8
2021-05-28 CVE-2021-22519 Unspecified vulnerability in Microfocus Sitescope
Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93).
network
low complexity
microfocus
critical
 9.8
9.8
2021-04-28 CVE-2021-22514 Unspecified vulnerability in Microfocus Application Performance Management 9.40/9.50/9.51
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51.
network
low complexity
microfocus
critical
 9.8
9.8
2021-04-13 CVE-2021-22505 Unspecified vulnerability in Microfocus Operations Agent
Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.10, 12.11, 12.12, 12.14 and 12.15.
network
low complexity
microfocus
critical
 9.8
9.8