Vulnerabilities > Microfocus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-07 | CVE-2018-18590 | Information Exposure vulnerability in Microfocus Operations Bridge A potential remote code execution and information disclosure vulnerability exists in Micro Focus Operations Bridge containerized suite versions 2017.11, 2018.02, 2018.05, 2018.08. | 8.8 |
| 2018-10-23 | CVE-2018-18589 | Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. | 8.8 |
| 2018-10-12 | CVE-2018-12469 | NULL Pointer Dereference vulnerability in Microfocus Enterprise Developer and Enterprise Server Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | 7.5 |
| 2018-09-20 | CVE-2018-6504 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. | 8.8 |
| 2018-08-09 | CVE-2018-7686 | Information Exposure vulnerability in Microfocus Edirectory Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | 7.5 |
| 2018-08-01 | CVE-2018-12468 | Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Groupwise 18/18.0.1 A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. | 7.2 |
| 2018-06-29 | CVE-2018-12465 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. | 7.2 |
| 2018-06-21 | CVE-2018-7683 | Information Exposure Through Log Files vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | 7.5 |
| 2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-06-16 | CVE-2018-6496 | Deserialization of Untrusted Data vulnerability in Microfocus Universal Cmbd Browser Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |