Vendor CVEs
Microfocus
All CVEs
2,211 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description | Vendor / Product | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24469 | Med | 0.40 | 6.1 | 0.00 | Jun 13, 2023 | Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 | ||
| CVE-2022-26331 | Med | 0.40 | 6.1 | 0.00 | Aug 31, 2022 | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2… | ||
| CVE-2021-22531 | Med | 0.40 | 6.1 | 0.01 | May 12, 2022 | A bug exists in the input parameter of Access Manager that allows supply of an invalid character to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 | ||
| CVE-2021-38127 | Med | 0.40 | 6.1 | 0.01 | Jan 14, 2022 | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||
| CVE-2021-38126 | Med | 0.40 | 6.1 | 0.01 | Jan 14, 2022 | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||
| CVE-2021-38123 | Med | 0.40 | 6.1 | 0.01 | Sep 7, 2021 | Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | ||
| CVE-2020-25840 | Med | 0.40 | 6.1 | 0.01 | Mar 26, 2021 | Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. | ||
| CVE-2019-18943 | Med | 0.40 | 6.1 | 0.00 | Feb 26, 2021 | Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | ||
| CVE-2020-11860 | Med | 0.40 | 6.1 | 0.01 | Nov 17, 2020 | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) | ||
| CVE-2020-9522 | Med | 0.40 | 6.1 | 0.01 | Jun 16, 2020 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||
| CVE-2020-11839 | Med | 0.40 | 6.1 | 0.01 | Jun 12, 2020 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||
| CVE-2020-11845 | Med | 0.40 | 6.1 | 0.01 | May 19, 2020 | Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | ||
| CVE-2019-11651 | Med | 0.40 | 6.1 | 0.01 | Oct 2, 2019 | Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain… | ||
| CVE-2019-4086 | Med | 0.40 | 6.1 | 0.01 | Sep 17, 2019 | IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and… | ||
| CVE-2019-11647 | Med | 0.40 | 6.1 | 0.01 | Jun 24, 2019 | A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack. | ||
| CVE-2019-6323 | Med | 0.40 | 6.1 | 0.01 | Jun 17, 2019 | HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page. | ||
| CVE-2019-3477 | Med | 0.40 | 6.1 | 0.01 | Jun 7, 2019 | Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | ||
| CVE-2018-19641 | Med | 0.40 | 6.1 | 0.01 | Mar 27, 2019 | Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||
| CVE-2019-3480 | Med | 0.40 | 6.1 | 0.01 | Mar 25, 2019 | Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7. | ||
| CVE-2019-10016 | Med | 0.40 | 6.1 | 0.01 | Mar 25, 2019 | GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring. | ||
| CVE-2018-17949 | Med | 0.40 | 6.1 | 0.01 | Dec 12, 2018 | Cross site scripting vulnerability in iManager prior to 3.1 SP2. | ||
| CVE-2018-17948 | Med | 0.40 | 6.1 | 0.01 | Nov 20, 2018 | An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | ||
| CVE-2018-12480 | Med | 0.40 | 6.1 | 0.01 | Nov 15, 2018 | Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3. | ||
| CVE-2018-9027 | Med | 0.40 | 6.1 | 0.01 | Jun 18, 2018 | A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. | ||
| CVE-2017-14358 | Med | 0.40 | 6.1 | 0.01 | Oct 31, 2017 | A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site. | ||
| CVE-2017-14357 | Med | 0.40 | 6.1 | 0.01 | Oct 31, 2017 | A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS) | ||
| CVE-2017-14354 | Med | 0.40 | 6.1 | 0.01 | Oct 5, 2017 | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting. | ||
| CVE-2017-14352 | Med | 0.40 | 6.1 | 0.01 | Sep 30, 2017 | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. | ||
| CVE-2017-13986 | Med | 0.40 | 6.1 | 0.01 | Sep 30, 2017 | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system. | ||
| CVE-2017-7421 | Med | 0.40 | 6.1 | 0.01 | Aug 21, 2017 | Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1… | ||
| CVE-2017-7430 | Med | 0.40 | 6.1 | 0.01 | May 3, 2017 | Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | ||
| CVE-2017-5191 | Med | 0.40 | 6.1 | 0.01 | Apr 24, 2017 | An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. | ||
| CVE-2017-5183 | Med | 0.40 | 6.1 | 0.01 | Apr 20, 2017 | NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | ||
| CVE-2016-5761 | Med | 0.40 | 6.1 | 0.01 | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||
| CVE-2016-5760 | Med | 0.40 | 6.1 | 0.01 | Apr 20, 2017 | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2)… | ||
| CVE-2016-5756 | Med | 0.40 | 6.1 | 0.01 | Mar 23, 2017 | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,… | ||
| CVE-2016-5751 | Med | 0.40 | 6.1 | 0.01 | Mar 23, 2017 | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | ||
| CVE-2016-1592 | Med | 0.40 | 6.1 | 0.01 | Oct 27, 2016 | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | ||
| CVE-2015-0787 | Med | 0.40 | 6.1 | 0.01 | Oct 27, 2016 | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | ||
| CVE-2016-4363 | Med | 0.40 | 6.1 | 0.02 | Jun 8, 2016 | HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | ||
| CVE-2016-1599 | Med | 0.40 | 6.1 | 0.01 | Mar 24, 2016 | Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||
| CVE-2021-22527 | Med | 0.39 | 6.0 | 0.01 | Sep 13, 2021 | Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | ||
| CVE-2018-6490 | Med | 0.39 | 5.9 | 0.03 | Mar 2, 2018 | Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service. | ||
| CVE-2017-14360 | Med | 0.39 | 5.9 | 0.02 | Nov 8, 2017 | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | ||
| CVE-2016-8106 | Med | 0.39 | 5.9 | 0.05 | Jan 9, 2017 | A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions. | ||
| CVE-2016-2244 | Med | 0.39 | 5.9 | 0.03 | Mar 4, 2016 | HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2000-0972 | Med | 0.39 | 5.5 | 0.01 | Dec 19, 2000 | HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | ||
| CVE-2026-42626 | Med | 0.38 | 5.9 | 0.00 | May 22, 2026 | HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets,… | ||
| CVE-2023-7240 | Med | 0.38 | 5.8 | 0.00 | May 7, 2024 | An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to… | ||
| CVE-2020-25835 | Med | 0.38 | 5.9 | 0.00 | Dec 9, 2023 | A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). |
Page 13 of 45