Vulnerabilities > Microfocus > High

DATE CVE VULNERABILITY TITLE RISK
2019-03-27 CVE-2018-19643 Information Exposure vulnerability in Microfocus Solutions Business Manager
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
network
low complexity
microfocus CWE-200
7.5
7.5
2019-03-27 CVE-2018-19642 Improper Input Validation vulnerability in Microfocus Solutions Business Manager
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
network
low complexity
microfocus CWE-20
7.5
7.5
2019-03-21 CVE-2016-9166 Permissions, Privileges, and Access Controls vulnerability in Microfocus Netiq Edirectory 9.0
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
network
low complexity
microfocus CWE-264
7.5
7.5
2019-02-20 CVE-2019-3475 Improper Privilege Management vulnerability in Microfocus Filr 3.0
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root.
local
low complexity
microfocus CWE-269
7.8
7.8
2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. 		8.6
8.6
2018-12-12 CVE-2018-17950 Incorrect Authorization vulnerability in Microfocus Edirectory
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
network
low complexity
microfocus CWE-863
7.5
7.5
2018-11-07 CVE-2018-18590 Information Exposure vulnerability in Microfocus Operations Bridge
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08.
low complexity
microfocus CWE-200
8.8
8.8
2018-10-23 CVE-2018-18589 Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50.
network
low complexity
microfocus CWE-502
8.8
8.8
2018-10-12 CVE-2018-12469 NULL Pointer Dereference vulnerability in Microfocus Enterprise Developer and Enterprise Server
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
network
low complexity
microfocus CWE-476
7.5
7.5
2018-09-20 CVE-2018-6504 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81.
network
low complexity
microfocus CWE-352
8.8
8.8