Vulnerabilities > Microfocus > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-21 CVE-2017-7423 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Enterprise Developer and Enterprise Server
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured.
network
low complexity
microfocus CWE-352
8.8
8.8
2017-08-21 CVE-2017-5187 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
network
low complexity
microfocus CWE-352
8.8
8.8
2017-03-30 CVE-2017-5185 Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1
A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.
network
low complexity
microfocus CWE-20
7.5
7.5
2016-10-27 CVE-2016-5764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba FTP
Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution.
network
low complexity
microfocus CWE-119
8.8
8.8
2016-03-16 CVE-2016-1991 Unspecified vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to conduct unspecified "file download" attacks via unknown vectors.
network
low complexity
microfocus
8.0
8.0
2016-03-16 CVE-2016-1990 Permissions, Privileges, and Access Controls vulnerability in Microfocus Arcsight Enterprise Security Manager
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
local
low complexity
microfocus CWE-264
7.8
7.8