Vulnerabilities > Microfocus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-06-16 | CVE-2018-6496 | Deserialization of Untrusted Data vulnerability in Microfocus Universal Cmbd Browser Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
| 2018-05-21 | CVE-2018-7687 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Client 2.0 The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 7.8 |
| 2018-03-02 | CVE-2017-7429 | Improper Certificate Validation vulnerability in multiple products The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | 8.8 |
| 2018-02-20 | CVE-2018-6487 | Information Exposure vulnerability in Microfocus Universal Cmdb Foundation Software Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. | 7.5 |
| 2017-12-13 | CVE-2017-14362 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32 Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.3 |
| 2017-12-13 | CVE-2017-14361 | Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32 Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.4 |
| 2017-12-05 | CVE-2017-14355 | Unspecified vulnerability in Microfocus Connected Backup 8.6/8.8.6 A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. | 7.8 |
| 2017-10-06 | CVE-2017-9272 | Improper Input Validation vulnerability in Microfocus Bi-Directional Driver 4.0.2.0 The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack. | 7.5 |
| 2017-09-21 | CVE-2017-9281 | Integer Overflow or Wraparound vulnerability in Microfocus Visibroker 8.5 An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | 7.5 |