Microfocus

All CVEs

2,209 total · sorted by risk
  • CVE-2018-18593 · Med · Dec 31, 2018
    risk 0.43 · cvss 6.5 · epss 0.07

    Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22 CUP6, 10.22 CUP7, 10.33, 10.33 CUP1, 10.33 CUP2, 10.33 CUP3, 2018.02, 2018.05,…

  • CVE-2018-7113 · Med · Dec 3, 2018
    risk 0.43 · cvss 6.6 · epss 0.01

    A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.

  • CVE-2016-1605 · Med · Aug 1, 2016
    risk 0.43 · cvss 6.5 · epss 0.04

    Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileType field.

  • CVE-2016-2775 · Med · Jul 19, 2016
    risk 0.43 · cvss 5.9 · epss 0.63

    ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

  • CVE-2026-9493 · Med · May 29, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details.

  • CVE-2025-3756 · Med · Apr 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks could exploit the vulnerability by using a specially crafted 61850 packet, forcing…

  • CVE-2024-29080 · Med · Jul 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.

  • CVE-2024-24970 · Med · Jul 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.

  • CVE-2023-32260 · Med · Mar 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerability could allow Input data manipulation. This issue affects Service…

  • CVE-2023-32267 · Med · Aug 11, 2023
    risk 0.42 · cvss 6.4 · epss 0.00

    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.

  • CVE-2022-26330 · Med · Aug 31, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2…

  • CVE-2021-38130 · Med · Feb 4, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.

  • CVE-2021-22500 · Med · Feb 6, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing.

  • CVE-2020-25838 · Med · Dec 11, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.

  • CVE-2019-18917 · Med · Mar 16, 2020
    risk 0.42 · cvss 6.5 · epss 0.01

    A potential security vulnerability has been identified for certain HP Printers and All-in-Ones that would allow bypassing account lockout.

  • CVE-2019-0399 · Med · Dec 11, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

  • CVE-2019-17085 · Med · Nov 18, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.

  • CVE-2019-11664 · Med · Sep 18, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-11663 · Med · Sep 18, 2019
    risk 0.42 · cvss 6.5 · epss 0.00

    Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

  • CVE-2019-5408 · Med · Aug 9, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    Command View Advanced Edition (CVAE) products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are…

  • CVE-2019-11946 · Med · Jun 5, 2019
    risk 0.42 · cvss 6.5 · epss 0.01

    A remote credential disclosure vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2019-3483 · Med · Mar 25, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    Mitigates a potential information leakage issue in ArcSight Logger versions prior to 6.7.

  • CVE-2018-6502 · Med · Sep 20, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS).

  • CVE-2018-7682 · Med · Jun 22, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

  • CVE-2017-13988 · Med · Sep 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.

  • CVE-2017-13987 · Med · Sep 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.

  • CVE-2017-13985 · Med · Sep 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.

  • CVE-2017-13984 · Med · Sep 30, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.

  • CVE-2017-7424 · Med · Aug 21, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product,…

  • CVE-2017-7433 · Med · May 18, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the attack can be performed…

  • CVE-2016-5755 · Med · Mar 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.

  • CVE-2016-1603 · Med · Mar 23, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users.

  • CVE-2016-5765 · Med · Nov 29, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection for the Web (RWeb) and Reflection Security Gateway (RSG) and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that…

  • CVE-2016-4394 · Med · Oct 28, 2016
    risk 0.42 · cvss 6.5 · epss 0.03

    HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

  • CVE-2016-6306 · Med · Sep 26, 2016
    risk 0.42 · cvss 5.9 · epss 0.42

    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

  • CVE-2016-2013 · Med · May 7, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2012 · Med · May 7, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors.

  • CVE-2016-1994 · Med · Mar 18, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    HPE System Management Homepage before 7.5.4 allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-1992 · Med · Mar 17, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2015-5434 · Med · Jan 5, 2016
    risk 0.42 · cvss 6.5 · epss 0.02

    HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and forwarding (VRF) hopping."

  • CVE-2022-38753 · Med · Nov 28, 2022
    risk 0.41 · cvss 6.3 · epss 0.00

    This update resolves a multi-factor authentication bypass attack

  • CVE-2017-20038 · Med · Jun 11, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched…

  • CVE-2017-20037 · Med · Jun 11, 2022
    risk 0.41 · cvss 6.3 · epss 0.01

    A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.

  • CVE-2019-5400 · Med · Aug 9, 2019
    risk 0.41 · cvss 6.3 · epss 0.01

    A remote session reuse vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2018-7125 · Med · Jun 5, 2019
    risk 0.41 · cvss 6.3 · epss 0.01

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-18589 · Med · Oct 23, 2018
    risk 0.41 · cvss 6.3 · epss 0.02

    A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. The vulnerability could be exploited to execute arbitrary code.

  • CVE-2015-6864 · Med · Jan 16, 2016
    risk 0.41 · cvss 6.3 · epss 0.01

    HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

  • CVE-2024-2300 · Med · Jun 12, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices.

  • CVE-2023-5113 · Med · Oct 4, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.

  • CVE-2023-24469 · Med · Jun 13, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0
