Vulnerabilities > Microfocus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-4184 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4189 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-10-16 | CVE-2024-4690 | XXE vulnerability in Microfocus Application Automation Tools Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | 8.0 |
| 2024-09-12 | CVE-2021-22532 | Allocation of Resources Without Limits or Throttling vulnerability in Microfocus Edirectory Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | 7.5 |
| 2024-08-28 | CVE-2021-38120 | Command Injection vulnerability in Microfocus Netiq Advanced Authentication A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. | 7.2 |
| 2024-08-28 | CVE-2021-38121 | Inadequate Encryption Strength vulnerability in Microfocus Netiq Advanced Authentication Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | 8.8 |
| 2024-08-28 | CVE-2021-38122 | Cross-site Scripting vulnerability in Microfocus Netiq Advanced Authentication A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | 8.2 |
| 2024-08-28 | CVE-2024-4555 | Improper Privilege Management vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | 7.5 |
| 2024-08-28 | CVE-2024-4556 | Path Traversal vulnerability in Microfocus Netiq Access Manager 5.0.2 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | 7.5 |
| 2024-08-21 | CVE-2020-11846 | Unspecified vulnerability in Microfocus Netiq Privileged Access Manager 3.7 A vulnerability found in OpenText Privileged Access Manager that issues a token. | 7.5 |