Vulnerabilities > Microfocus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-20 | CVE-2018-17948 | Open Redirect vulnerability in Microfocus Access Manager An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | 6.1 |
| 2018-11-15 | CVE-2018-12480 | Cross-site Scripting vulnerability in Microfocus Access Manager Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | 6.1 |
| 2018-11-13 | CVE-2018-18591 | Information Exposure vulnerability in Microfocus Service Manager A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. | 6.5 |
| 2018-08-09 | CVE-2018-7692 | Open Redirect vulnerability in Microfocus Edirectory Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | 6.1 |
| 2018-06-22 | CVE-2018-7682 | Information Exposure Through Log Files vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains. | 6.5 |
| 2018-06-21 | CVE-2018-7681 | Cross-site Scripting vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. | 4.8 |
| 2018-06-21 | CVE-2018-7680 | Cross-site Scripting vulnerability in Microfocus Solutions Business Manager Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | 6.1 |
| 2018-05-23 | CVE-2018-6495 | Cross-site Scripting vulnerability in Microfocus CMS Server, Universal Cmdb and Universal Cmdb Browser Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. | 5.4 |
| 2018-05-22 | CVE-2018-6494 | SQL Injection vulnerability in Microfocus Service Manager Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. | 5.4 |
| 2018-03-07 | CVE-2018-7675 | Information Exposure vulnerability in Microfocus Sentinel In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. | 5.3 |