VYPR

Vibe

by Microfocus

CVEs (2)

  • CVE-2017-7433MedMay 18, 2017
    risk 0.42cvss 6.5epss 0.01

    An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed…

  • CVE-2020-9520MedMar 25, 2020
    risk 0.35cvss 5.4epss 0.01

    A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker…