Vulnerabilities > Microfocus > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-13 | CVE-2017-14361 | Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32: Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.4 |
2017-12-05 | CVE-2017-14355 | Unspecified vulnerability in Microfocus Connected Backup 8.6/8.8.6: A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. | 7.8 |
2017-10-06 | CVE-2017-9272 | Improper Input Validation vulnerability in Microfocus Bi-Directional Driver 4.0.2.0: The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | 7.5 |
2017-09-21 | CVE-2017-9281 | Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5: An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | 7.5 |
2017-08-21 | CVE-2017-7423 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Enterprise Developer and Enterprise Server: A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. | 8.8 |
2017-08-21 | CVE-2017-5187 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products: A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | 8.8 |
2017-03-30 | CVE-2017-5185 | Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1: A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | 7.5 |
2016-10-27 | CVE-2016-5764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba FTP: Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. | 8.8 |
2016-03-16 | CVE-2016-1991 | Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager: HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | 8.0 |
2016-03-16 | CVE-2016-1990 | Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager: HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | 7.8 |