Vulnerabilities > Microfocus > High

DATE CVE VULNERABILITY TITLE RISK
2019-05-09 CVE-2016-1600 Information Exposure vulnerability in Microfocus Identity Manager
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability.
network
low complexity
microfocus CWE-200
7.5
7.5
2019-04-29 CVE-2019-3493 Unspecified vulnerability in Microfocus Network Automation and Network Operations Management
A potential security vulnerability has been identified in Micro Focus Network Automation Software 9.20, 9.21, 10.00, 10.10, 10.20, 10.30, 10.40, 10.50, 2018.05, 2018.08, 2018.11, and Micro Focus Network Operations Management (NOM) all versions.
network
low complexity
microfocus
8.8
8.8
2019-04-01 CVE-2019-3489 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Content Manager
An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method.
network
low complexity
microfocus CWE-434
7.5
7.5
2019-03-27 CVE-2018-19643 Information Exposure vulnerability in Microfocus Solutions Business Manager
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
network
low complexity
microfocus CWE-200
7.5
7.5
2019-03-27 CVE-2018-19642 Improper Input Validation vulnerability in Microfocus Solutions Business Manager
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
network
low complexity
microfocus CWE-20
7.5
7.5
2019-03-21 CVE-2016-9166 Permissions, Privileges, and Access Controls vulnerability in Microfocus Netiq Edirectory 9.0
NetIQ eDirectory versions prior to 9.0.2, under some circumstances, could be susceptible to downgrade of communication security.
network
low complexity
microfocus CWE-264
7.5
7.5
2019-02-20 CVE-2019-3475 Improper Privilege Management vulnerability in Microfocus Filr 3.0
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root.
local
low complexity
microfocus CWE-269
7.8
7.8
2019-02-11 CVE-2019-5736 OS Command Injection vulnerability in multiple products
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. 		8.6
8.6
2018-12-12 CVE-2018-17950 Incorrect Authorization vulnerability in Microfocus Edirectory
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
network
low complexity
microfocus CWE-863
7.5
7.5
2018-11-07 CVE-2018-18590 Information Exposure vulnerability in Microfocus Operations Bridge
A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08.
low complexity
microfocus CWE-200
8.8
8.8