Vulnerabilities > Microfocus > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-02 | CVE-2017-9285 | Improper Authentication vulnerability in multiple products NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services. | 9.8 |
| 2018-02-22 | CVE-2018-6489 | XXE vulnerability in Microfocus Project and Portfolio Management Center 9.32 XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 9.8 |
| 2018-02-22 | CVE-2018-6488 | Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12 Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, version 4.10, 4.11, 4.12. | 9.8 |
| 2018-02-02 | CVE-2018-6486 | XXE vulnerability in Microfocus products XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), versions 16.10, 16.20, 17.10. | 9.8 |
| 2017-09-21 | CVE-2017-9283 | Out-of-bounds Read vulnerability in Microfocus Visibroker 8.5 An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. | 9.8 |
| 2017-09-21 | CVE-2017-9282 | Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5 An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. | 9.8 |
| 2017-08-21 | CVE-2017-7420 | Improper Authentication vulnerability in Microfocus products An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). | 9.8 |
| 2016-11-04 | CVE-2016-9176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 7.4.0/9.4/9.4.0 Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. | 9.8 |
| 2016-07-03 | CVE-2016-5228 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4 Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. | 9.8 |
| 2016-07-03 | CVE-2016-1606 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 9.4 Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client. | 9.8 |