VYPR

Vendor CVEs

Microfocus

All CVEs

2,181 total · sorted by risk
  • CVE-2026-39455 · High · May 13, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors. Note: Software versions which have reached End of Technical…

  • CVE-2025-60805 · High · Oct 28, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.

  • CVE-2025-43025 · High · Jul 2, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    HP Universal Print Driver is potentially vulnerable to denial of service due to buffer overflow in versions of UPD 7.4 or older (e.g., v7.3.x, v7.2.x, v7.1.x, etc.).

  • CVE-2025-2268 · High · Mar 14, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    The HP LaserJet MFP M232-M237 Printer Series may be vulnerable to a denial of service attack when a specially crafted request message is sent via Internet Printing Protocol (IPP).

  • CVE-2023-24466 · High · Nov 22, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200.

  • CVE-2022-26324 · High · Nov 22, 2024
    risk 0.49 · cvss 7.6 · epss 0.00

    Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000.

  • CVE-2024-5749 · High · Oct 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Certain HP DesignJet products may be vulnerable to credential reflection which allows viewing SMTP server credentials.

  • CVE-2024-2301 · High · May 23, 2024
    risk 0.49 · cvss 7.6 · epss 0.00

    Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device.

  • CVE-2024-1869 · High · Mar 1, 2024
    risk 0.49 · cvss 7.5 · epss 0.02

    Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.

  • CVE-2023-6123 · High · Feb 15, 2024
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack.

  • CVE-2023-4694 · High · Dec 14, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when sending a SOAP message to the service on TCP port 3911 that contains a body but no header.

  • CVE-2023-4499 · High · Oct 13, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.

  • CVE-2023-1707 · High · Jun 13, 2023
    risk 0.49 · cvss 7.5 · epss 0.01

    Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.

  • CVE-2022-2794 · High · Dec 12, 2022
    risk 0.49 · cvss 7.5 · epss 0.01

    Certain HP PageWide Pro Printers may be vulnerable to a potential denial of service attack.

  • CVE-2022-24291 · High · Mar 23, 2022
    risk 0.49 · cvss 7.5 · epss 0.04

    Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.

  • CVE-2021-3965 · High · Jan 14, 2022
    risk 0.49 · cvss 7.5 · epss 0.05

    Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

  • CVE-2021-3704 · High · Nov 1, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.

  • CVE-2021-22523 · High · Jul 22, 2021
    risk 0.49 · cvss 7.6 · epss 0.01

    XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions.

  • CVE-2021-22516 · High · Jun 4, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.

  • CVE-2021-22496 · High · Mar 25, 2021
    risk 0.49 · cvss 7.5 · epss 0.01

    Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all versions prior to version 4.5.3.3. The vulnerability could cause information leakage.

  • CVE-2020-25837 · High · Nov 5, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information.

  • CVE-2020-11158 · High · Sep 8, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due to lack of check of PDF font array leads to denial of service in IPS PDF releases prior to IPS System 2020.2

  • CVE-2020-11848 · High · Aug 19, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service.

  • CVE-2020-11842 · High · May 4, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view.

  • CVE-2015-2802 · High · Feb 4, 2020
    risk 0.49 · cvss 7.5 · epss 0.06

    An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive…

  • CVE-2019-17087 · High · Dec 11, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.

  • CVE-2019-11665 · High · Sep 17, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-11667 · High · Sep 17, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.

  • CVE-2019-11669 · High · Sep 10, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    Modifiable read-only check box in Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.

  • CVE-2019-11668 · High · Sep 10, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    HTTP cookie in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service…

  • CVE-2019-11654 · High · Aug 23, 2019
    risk 0.49 · cvss 7.5 · epss 0.03

    Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier. The vulnerability allows remote unauthenticated attackers to read arbitrary files.

  • CVE-2019-11648 · High · Jun 24, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    An information leakage exists in Micro Focus NetIQ Self Service Password Reset Software all versions prior to version 4.4. The vulnerability could be exploited to expose sensitive information.

  • CVE-2016-1600 · High · May 9, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 is susceptible to an information disclosure vulnerability.

  • CVE-2019-3489 · High · Apr 1, 2019
    risk 0.49 · cvss 7.5 · epss 0.02

    An unauthenticated file upload vulnerability has been identified in the Web Client component of Micro Focus Content Manager 9.1, 9.2, and 9.3 when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to…

  • CVE-2017-2748 · High · Mar 27, 2019
    risk 0.49 · cvss 7.5 · epss 0.02

    A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.

  • CVE-2018-12469 · High · Oct 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2…

  • CVE-2018-6505 · High · Sep 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.

  • CVE-2018-6500 · High · Sep 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    A potential Directory Traversal Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be remotely exploited to allow Directory Traversal.

  • CVE-2018-7686 · High · Aug 9, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage.

  • CVE-2018-7683 · High · Jun 21, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

  • CVE-2018-9028 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking.

  • CVE-2018-9026 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request.

  • CVE-2018-9025 · High · Jun 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input.

  • CVE-2017-7425 · High · Nov 6, 2017
    risk 0.49 · cvss 7.6 · epss 0.01

    Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.

  • CVE-2017-9272 · High · Oct 6, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.

  • CVE-2017-9281 · High · Sep 21, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.

  • CVE-2015-5436 · High · May 11, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in…

  • CVE-2017-5186 · High · Apr 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.

  • CVE-2017-5185 · High · Mar 30, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

  • CVE-2016-5754 · High · Mar 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before SP2.

Page 10 of 44