Vulnerabilities > Microfocus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2018-18589 | Deserialization of Untrusted Data vulnerability in Microfocus Real User Monitoring A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. | 8.8 |
| 2018-10-12 | CVE-2018-12469 | NULL Pointer Dereference vulnerability in Microfocus Enterprise Developer and Enterprise Server Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | 7.5 |
| 2018-09-20 | CVE-2018-6504 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Arcsight Management Center A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. | 8.8 |
| 2018-08-09 | CVE-2018-7686 | Information Exposure vulnerability in Microfocus Edirectory Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | 7.5 |
| 2018-08-01 | CVE-2018-12468 | Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Groupwise 18/18.0.1 A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. | 7.2 |
| 2018-06-29 | CVE-2018-12465 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. | 7.2 |
| 2018-06-21 | CVE-2018-7683 | Information Exposure Through Log Files vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | 7.5 |
| 2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-06-16 | CVE-2018-6496 | Deserialization of Untrusted Data vulnerability in Microfocus Universal Cmbd Browser Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-05-21 | CVE-2018-7687 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Client 2.0 The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 7.8 |