Vulnerabilities > Microfocus > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-08 | CVE-2020-11849 | Unspecified vulnerability in Microfocus Identity Manager Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. | 9.8 |
| 2020-05-29 | CVE-2020-11844 | Incorrect Authorization vulnerability in Microfocus Service Management Automation Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. | 9.8 |
| 2019-08-14 | CVE-2019-11652 | Unspecified vulnerability in Microfocus Netiq Self Service Password Reset A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. | 9.8 |
| 2019-03-27 | CVE-2018-19641 | Code Injection vulnerability in Microfocus Solutions Business Manager Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 9.8 |
| 2019-03-25 | CVE-2019-3476 | Unspecified vulnerability in Microfocus Data Protector 10.03 Remote arbitrary code execution in Micro Focus Data Protector, version 10.03 this vulnerability could allow remote arbitrary code execution. | 9.8 |
| 2019-02-12 | CVE-2018-19645 | Improper Authentication vulnerability in Microfocus Solutions Business Manager An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 9.8 |
| 2018-11-21 | CVE-2009-5153 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Netware In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. | 9.8 |
| 2018-08-30 | CVE-2018-6499 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-08-30 | CVE-2018-6498 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-06-29 | CVE-2018-12464 | SQL Injection vulnerability in Microfocus Secure Messaging Gateway A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. | 9.8 |