Vulnerabilities > Microfocus > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-08-30 CVE-2018-6498 Code Injection vulnerability in Microfocus products
Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution.
network
low complexity
microfocus CWE-94
critical
 9.8
9.8
2018-06-29 CVE-2018-12464 SQL Injection vulnerability in Microfocus Secure Messaging Gateway
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database.
network
low complexity
microfocus CWE-89
critical
 9.8
9.8
2018-06-21 CVE-2018-7679 Improper Input Validation vulnerability in Microfocus Solutions Business Manager
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
network
low complexity
microfocus CWE-20
critical
 9.8
9.8
2018-04-24 CVE-2018-6491 Unspecified vulnerability in Microfocus Ucmdb Configuration Manager
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00.
network
low complexity
microfocus
critical
 9.8
9.8
2018-03-02 CVE-2017-9285 Improper Authentication vulnerability in multiple products
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
network
low complexity
netiq microfocus CWE-287
critical
 9.8
9.8
2018-02-22 CVE-2018-6489 XXE vulnerability in Microfocus Project and Portfolio Management Center 9.32
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2018-02-22 CVE-2018-6488 Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12.
network
low complexity
microfocus CWE-94
critical
 9.8
9.8
2018-02-02 CVE-2018-6486 XXE vulnerability in Microfocus products
XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10.
network
low complexity
microfocus CWE-611
critical
 9.8
9.8
2017-09-21 CVE-2017-9283 Out-of-bounds Read vulnerability in Microfocus Visibroker 8.5
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5.
network
low complexity
microfocus CWE-125
critical
 9.8
9.8
2017-09-21 CVE-2017-9282 Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5.
network
low complexity
microfocus CWE-190
critical
 9.8
9.8