Microfocus

All CVEs

2,211 total · sorted by risk
  • CVE-2023-24469 · Med · Jun 13, 2023
    risk 0.40 · cvss 6.1 · epss 0.00

    Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0

  • CVE-2022-26331 · Med · Aug 31, 2022
    risk 0.40 · cvss 6.1 · epss 0.00

    Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2…

  • CVE-2021-22531 · Med · May 12, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A bug exists in the input parameter of Access Manager that allows supplying an invalid character to trigger a cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0.

  • CVE-2021-38127 · Med · Jan 14, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2021-38126 · Med · Jan 14, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2021-38123 · Med · Sep 7, 2021
    risk 0.40 · cvss 6.1 · epss 0.01

    Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirecting users to malicious websites after authentication.

  • CVE-2020-25840 · Med · Mar 26, 2021
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site Scripting vulnerability in the Micro Focus Access Manager product, affecting all versions prior to version 5.0. The vulnerability could cause configuration destruction.

  • CVE-2019-18943 · Med · Feb 26, 2021
    risk 0.40 · cvss 6.1 · epss 0.00

    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.

  • CVE-2020-11860 · Med · Nov 17, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site Scripting vulnerability in the Micro Focus ArcSight Logger product, affecting all versions prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2020-9522 · Med · Jun 16, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.

  • CVE-2020-11839 · Med · Jun 12, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.

  • CVE-2020-11845 · Med · May 19, 2020
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-Site Scripting vulnerability in the Micro Focus Service Manager product, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.

  • CVE-2019-11651 · Med · Oct 2, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain…

  • CVE-2019-4086 · Med · Sep 17, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and…

  • CVE-2019-11647 · Med · Jun 24, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    A potential XSS exists in Self Service Password Reset, in Micro Focus NetIQ Software all versions prior to version 4.4. The vulnerability could be exploited to enable an XSS attack.

  • CVE-2019-6323 · Med · Jun 17, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to reflected XSS in wireless configuration page.

  • CVE-2019-3477 · Med · Jun 7, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    Micro Focus Solution Business Manager versions prior to 11.4.2 are susceptible to open redirect.

  • CVE-2018-19641 · Med · Mar 27, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2019-3480 · Med · Mar 25, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    Mitigates a stored/reflected XSS issue in ArcSight Logger versions prior to 6.7.

  • CVE-2019-10016 · Med · Mar 25, 2019
    risk 0.40 · cvss 6.1 · epss 0.01

    GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.

  • CVE-2018-17949 · Med · Dec 12, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross site scripting vulnerability in iManager prior to 3.1 SP2.

  • CVE-2018-17948 · Med · Nov 20, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.

  • CVE-2018-12480 · Med · Nov 15, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.

  • CVE-2018-9027 · Med · Jun 18, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.

  • CVE-2017-14358 · Med · Oct 31, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

  • CVE-2017-14357 · Med · Oct 31, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

  • CVE-2017-14354 · Med · Oct 5, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.

  • CVE-2017-14352 · Med · Sep 30, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting.

  • CVE-2017-13986 · Med · Sep 30, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.

  • CVE-2017-7421 · Med · Aug 21, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1…

  • CVE-2017-7430 · Med · May 3, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework.

  • CVE-2017-5191 · Med · Apr 24, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.

  • CVE-2017-5183 · Med · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document.

  • CVE-2016-5761 · Med · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email.

  • CVE-2016-5760 · Med · Apr 20, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or HTML via the (1) token parameter to gwadmin-console/install/login.jsp or (2)…

  • CVE-2016-5756 · Med · Mar 23, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,…

  • CVE-2016-5751 · Med · Mar 23, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials.

  • CVE-2016-1592 · Med · Oct 27, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

  • CVE-2015-0787 · Med · Oct 27, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.

  • CVE-2016-4363 · Med · Jun 8, 2016
    risk 0.40 · cvss 6.1 · epss 0.02

    HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.

  • CVE-2016-1599 · Med · Mar 24, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2021-22527 · Med · Sep 13, 2021
    risk 0.39 · cvss 6.0 · epss 0.01

    Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

  • CVE-2018-6490 · Med · Mar 2, 2018
    risk 0.39 · cvss 5.9 · epss 0.03

    Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. This vulnerability could be remotely exploited to allow Denial of Service.

  • CVE-2017-14360 · Med · Nov 8, 2017
    risk 0.39 · cvss 5.9 · epss 0.02

    A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).

  • CVE-2016-8106 · Med · Jan 9, 2017
    risk 0.39 · cvss 5.9 · epss 0.05

    A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

  • CVE-2016-2244 · Med · Mar 4, 2016
    risk 0.39 · cvss 5.9 · epss 0.03

    HP LaserJet printers and MFPs and OfficeJet Enterprise printers with firmware before 3.7.01 allow remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2000-0972 · Med · Dec 19, 2000
    risk 0.39 · cvss 5.5 · epss 0.01

    HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

  • CVE-2026-42626 · Med · May 22, 2026
    risk 0.38 · cvss 5.9 · epss 0.00

    HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets,…

  • CVE-2023-7240 · Med · May 7, 2024
    risk 0.38 · cvss 5.8 · epss 0.00

    An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server-Side Request Forgery and allows open services enumeration. The server makes a query to the provided server (Server IP/DNS field) and is triggering connection to…

  • CVE-2020-25835 · Med · Dec 9, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).

Page 13 of 45