VYPR

Service Manager

by Microfocus

CVEs (44)

  • CVE-2016-1998CriMar 22, 2016
    risk 0.64cvss 9.8epss 0.07

    HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

  • CVE-2016-4371HigJun 19, 2016
    risk 0.52cvss 8.0epss 0.01

    HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client,…

  • CVE-2016-2025HigMay 30, 2016
    risk 0.49cvss 7.5epss 0.04

    HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote attackers to obtain sensitive information via unspecified vectors, related to the Web Client, Service Request Catalog, and Mobility components.

  • CVE-2025-0884HigMar 12, 2025
    risk 0.47cvss epss 0.00

    Unquoted Search Path or Element vulnerability in OpenText™ Service Manager.  The vulnerability could allow a user to gain SYSTEM privileges through Privilege Escalation. This issue affects Service Manager: 9.70, 9.71, 9.72.

  • CVE-2025-0883LowMar 12, 2025
    risk 0.14cvss epss 0.00

    Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.  The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.

  • CVE-2014-2634Aug 23, 2014
    risk 0.01cvss epss 0.06

    Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors.

  • CVE-2014-2632Aug 23, 2014
    risk 0.01cvss epss 0.13

    Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2021-33231Oct 20, 2022
    risk 0.00cvss epss 0.01

    Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field.

  • CVE-2022-30572Aug 2, 2022
    risk 0.00cvss epss 0.01

    The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected…

  • CVE-2021-38560Feb 1, 2022
    risk 0.00cvss epss 0.03

    Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.

  • CVE-2020-11845May 19, 2020
    risk 0.00cvss epss 0.01

    Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.

  • CVE-2020-9519Mar 16, 2020
    risk 0.00cvss epss 0.01

    HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.

  • CVE-2019-11662Sep 18, 2019
    risk 0.00cvss epss 0.01

    Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error…

  • CVE-2019-11661Sep 18, 2019
    risk 0.00cvss epss 0.01

    Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.

  • CVE-2019-11664Sep 18, 2019
    risk 0.00cvss epss 0.01

    Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-11663Sep 18, 2019
    risk 0.00cvss epss 0.00

    Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-11665Sep 17, 2019
    risk 0.00cvss epss 0.01

    Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-11666Sep 17, 2019
    risk 0.00cvss epss 0.01

    Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

  • CVE-2019-11667Sep 17, 2019
    risk 0.00cvss epss 0.01

    Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.

  • CVE-2019-11669Sep 10, 2019
    risk 0.00cvss epss 0.01

    Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.

Page 1 of 3