Vulnerabilities > Microfocus > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-21 | CVE-2017-5187 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. | 8.8 |
| 2017-03-30 | CVE-2017-5185 | Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | 7.5 |
| 2016-10-27 | CVE-2016-5764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba FTP Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. | 8.8 |
| 2016-03-16 | CVE-2016-1991 | Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors. | 8.0 |
| 2016-03-16 | CVE-2016-1990 | Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | 7.8 |