Vulnerabilities > Microfocus > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-02 CVE-2017-7429 Improper Certificate Validation vulnerability in multiple products
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
Risk: 8.8 | network | low complexity | netiq microfocus CWE-295

2018-02-20 CVE-2018-6487 Information Exposure vulnerability in Microfocus Universal Cmdb Foundation Software
Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11.
Risk: 7.5 | network | low complexity | microfocus CWE-200

2017-12-13 CVE-2017-14362 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
Risk: 7.3 | network | low complexity | microfocus CWE-352

2017-12-13 CVE-2017-14361 Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32.
Risk: 7.4 | network | high complexity | microfocus

2017-12-05 CVE-2017-14355 Unspecified vulnerability in Microfocus Connected Backup 8.6/8.8.6
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6.
Risk: 7.8 | local | low complexity | microfocus

2017-10-06 CVE-2017-9272 Improper Input Validation vulnerability in Microfocus Bi-Directional Driver 4.0.2.0
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
Risk: 7.5 | network | low complexity | microfocus CWE-20

2017-09-21 CVE-2017-9281 Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.
Risk: 7.5 | network | low complexity | microfocus CWE-190

2017-08-21 CVE-2017-7423 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Enterprise Developer and Enterprise Server
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured.
Risk: 8.8 | network | low complexity | microfocus CWE-352

2017-08-21 CVE-2017-5187 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
Risk: 8.8 | network | low complexity | microfocus CWE-352

2017-03-30 CVE-2017-5185 Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
Risk: 7.5 | network | low complexity | microfocus CWE-20