Service Manager
by Microfocus
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11668 | 0.00 | — | 0.01 | Sep 10, 2019 | HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service… | |||
| CVE-2019-11646 | 0.00 | — | 0.03 | Jun 3, 2019 | Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and… | |||
| CVE-2018-18591 | 0.00 | — | 0.01 | Nov 13, 2018 | A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data. | |||
| CVE-2014-2633 | 0.00 | — | 0.02 | Aug 23, 2014 | Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2013-6222 | 0.00 | — | 0.03 | Aug 23, 2014 | Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6202 | 0.00 | — | 0.02 | Feb 24, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code. | |||
| CVE-2013-6198 | 0.00 | — | 0.03 | Dec 29, 2013 | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6197 | 0.00 | — | 0.01 | Dec 29, 2013 | Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | |||
| CVE-2013-4844 | 0.00 | — | 0.06 | Nov 29, 2013 | Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2013-4833 | 0.00 | — | 0.02 | Oct 16, 2013 | Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4832 | 0.00 | — | 0.01 | Oct 16, 2013 | HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||
| CVE-2013-4831 | 0.00 | — | 0.01 | Oct 16, 2013 | HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2013-4830 | 0.00 | — | 0.06 | Oct 16, 2013 | HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. | |||
| CVE-2013-4808 | 0.00 | — | 0.04 | Aug 18, 2013 | Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors. | |||
| CVE-2013-2337 | 0.00 | — | 0.02 | Jun 14, 2013 | Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2336 | 0.00 | — | 0.02 | Jun 14, 2013 | HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2011-1863 | 0.00 | — | 0.01 | Jun 14, 2011 | HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors. | |||
| CVE-2011-1862 | 0.00 | — | 0.02 | Jun 14, 2011 | Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1861 | 0.00 | — | 0.02 | Jun 14, 2011 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors. | |||
| CVE-2011-1860 | 0.00 | — | 0.02 | Jun 14, 2011 | Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors. |
- CVE-2019-11668Sep 10, 2019risk 0.00cvss —epss 0.01
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service…
- CVE-2019-11646Jun 3, 2019risk 0.00cvss —epss 0.03
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and…
- CVE-2018-18591Nov 13, 2018risk 0.00cvss —epss 0.01
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.
- CVE-2014-2633Aug 23, 2014risk 0.00cvss —epss 0.02
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
- CVE-2013-6222Aug 23, 2014risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6202Feb 24, 2014risk 0.00cvss —epss 0.02
Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code.
- CVE-2013-6198Dec 29, 2013risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-6197Dec 29, 2013risk 0.00cvss —epss 0.01
Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors.
- CVE-2013-4844Nov 29, 2013risk 0.00cvss —epss 0.06
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, 9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to execute arbitrary code via unknown vectors.
- CVE-2013-4833Oct 16, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-4832Oct 16, 2013risk 0.00cvss —epss 0.01
HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors.
- CVE-2013-4831Oct 16, 2013risk 0.00cvss —epss 0.01
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
- CVE-2013-4830Oct 16, 2013risk 0.00cvss —epss 0.06
HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach.
- CVE-2013-4808Aug 18, 2013risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
- CVE-2013-2337Jun 14, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-2336Jun 14, 2013risk 0.00cvss —epss 0.02
HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors.
- CVE-2011-1863Jun 14, 2011risk 0.00cvss —epss 0.01
HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors.
- CVE-2011-1862Jun 14, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1861Jun 14, 2011risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.
- CVE-2011-1860Jun 14, 2011risk 0.00cvss —epss 0.02
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to capture HTTP session credentials via unknown vectors.
Page 2 of 3