Vulnerabilities > Microfocus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-13 | CVE-2021-22528 | Cross-site Scripting vulnerability in Microfocus Access Manager 5.0 Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | 5.4 |
| 2021-09-07 | CVE-2021-38123 | Open Redirect vulnerability in Microfocus Network Automation Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. | 6.1 |
| 2021-09-02 | CVE-2021-22525 | Unspecified vulnerability in Microfocus Access Manager This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1 | 5.5 |
| 2021-07-30 | CVE-2021-22521 | Incorrect Authorization vulnerability in Microfocus products A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. | 6.7 |
| 2021-07-12 | CVE-2021-22515 | Incorrect Authorization vulnerability in Microfocus Netiq Advanced Authentication Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. | 6.5 |
| 2021-04-08 | CVE-2021-22513 | Missing Authorization vulnerability in Microfocus Application Automation Tools Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. | 6.5 |
| 2021-04-08 | CVE-2021-22512 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Application Automation Tools Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. | 6.5 |
| 2021-04-08 | CVE-2021-22511 | Improper Certificate Validation vulnerability in Microfocus Application Automation Tools Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. | 6.5 |
| 2021-04-08 | CVE-2021-22510 | Cross-site Scripting vulnerability in Microfocus Application Automation Tools Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. | 6.1 |
| 2021-03-26 | CVE-2020-25840 | Cross-site Scripting vulnerability in Microfocus Access Manager Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. | 6.1 |