Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-06-21 CVE-2018-7679 Improper Input Validation vulnerability in Microfocus Solutions Business Manager
Micro Focus Solutions Business Manager versions prior to 11.4, when ASP.NET is configured with execute permission on the virtual directories, do not validate the contents of user avatar images, which could lead to remote code execution.
network
low complexity
microfocus CWE-20
critical
9.8
2018-04-24 CVE-2018-6491 Unspecified vulnerability in Microfocus Ucmdb Configuration Manager
Local Escalation of Privilege vulnerability in Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00.
network
low complexity
microfocus
critical
9.8
2018-03-02 CVE-2017-9285 Improper Authentication vulnerability in multiple products
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
network
low complexity
netiq microfocus CWE-287
critical
9.8
2018-02-22 CVE-2018-6489 XXE vulnerability in Microfocus Project and Portfolio Management Center 9.32
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
network
low complexity
microfocus CWE-611
critical
9.8
2018-02-22 CVE-2018-6488 Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, versions 4.10, 4.11, 4.12.
network
low complexity
microfocus CWE-94
critical
9.8
2018-02-02 CVE-2018-6486 XXE vulnerability in Microfocus products
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10.
network
low complexity
microfocus CWE-611
critical
9.8
2017-09-21 CVE-2017-9283 Out-of-bounds Read vulnerability in Microfocus Visibroker 8.5
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5.
network
low complexity
microfocus CWE-125
critical
9.8
2017-09-21 CVE-2017-9282 Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5.
network
low complexity
microfocus CWE-190
critical
9.8
2017-08-21 CVE-2017-7420 Improper Authentication vulnerability in Microfocus products
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
network
low complexity
microfocus CWE-287
critical
9.8
2016-11-04 CVE-2016-9176 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 7.4.0/9.4/9.4.0
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
network
low complexity
microfocus CWE-119
critical
9.8