Vulnerabilities > Microfocus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-15 | CVE-2017-8993 | Cross-site Scripting vulnerability in Microfocus Project and Portfolio Management A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. | 5.4 |
| 2017-12-21 | CVE-2017-14363 | Cross-site Scripting vulnerability in Microfocus Operations Manager I 10.60/10.61/10.62 Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. | 5.4 |
| 2017-10-06 | CVE-2017-9273 | Unspecified vulnerability in Microfocus Bi-Directional Driver 4.0.2.0 The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | 5.3 |
| 2017-08-21 | CVE-2017-7424 | Path Traversal vulnerability in Microfocus Enterprise Developer and Enterprise Server A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. | 6.5 |
| 2017-08-21 | CVE-2017-7422 | Cross-site Scripting vulnerability in Microfocus Enterprise Developer and Enterprise Server Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. | 5.4 |
| 2017-08-21 | CVE-2017-7421 | Cross-site Scripting vulnerability in Microfocus products Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | 6.1 |
| 2017-03-30 | CVE-2017-5184 | Information Exposure vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). | 5.3 |
| 2016-11-29 | CVE-2016-5765 | Information Exposure vulnerability in Microfocus products Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. | 6.5 |
| 2016-03-24 | CVE-2016-1599 | Cross-site Scripting vulnerability in Microfocus Self Service Password Reset Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |