Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-05-15 CVE-2024-3487 Improper Authentication vulnerability in Microfocus Imanager
Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
network
low complexity
microfocus CWE-287
critical
 9.8
9.8
2024-05-15 CVE-2024-3488 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Imanager
File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.
network
low complexity
microfocus CWE-434
critical
 9.8
9.8
2024-05-15 CVE-2024-3967 Deserialization of Untrusted Data vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.
network
low complexity
microfocus CWE-502
critical
 9.8
9.8
2024-05-15 CVE-2024-3968 Unspecified vulnerability in Microfocus Imanager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
network
low complexity
microfocus
critical
 9.8
9.8
2023-11-08 CVE-2023-5913 Unspecified vulnerability in Microfocus Fortify Scancentral Dast
Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST.
network
low complexity
microfocus
critical
 9.8
9.8
2023-09-12 CVE-2023-4501 Improper Authentication vulnerability in Microfocus products
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations.
network
low complexity
microfocus CWE-287
critical
 9.8
9.8
2023-06-13 CVE-2023-24470 XXE vulnerability in Microfocus Arcsight Logger
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.
network
low complexity
microfocus CWE-611
critical
 9.1
9.1
2023-03-15 CVE-2023-24468 Unspecified vulnerability in Microfocus Netiq Advanced Authentication
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
network
low complexity
microfocus
critical
 9.8
9.8
2022-04-11 CVE-2021-38125 Unspecified vulnerability in Microfocus Operations Bridge 2021.05/2021.08/2022.11
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08.
network
low complexity
microfocus
critical
 9.8
9.8
2021-09-28 CVE-2021-38124 Command Injection vulnerability in Microfocus Arcsight Enterprise Security Manager 7.4/7.5
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5.
network
low complexity
microfocus CWE-77
critical
 9.8
9.8