VYPR

Vendor CVEs

Microfocus

All CVEs

2,209 total · sorted by risk
  • CVE-2019-11989MedJul 19, 2019
    risk 0.38cvss 5.9epss 0.02

    A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for…

  • CVE-2019-11650MedJul 10, 2019
    risk 0.38cvss 5.9epss 0.01

    A potential Man in the Middle attack (MITM) was found in NetIQ Advanced Authentication Framework versions prior to 6.0.

  • CVE-2019-5392MedJun 5, 2019
    risk 0.38cvss 5.3epss 0.07

    A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2018-1345MedMar 21, 2018
    risk 0.38cvss 5.9epss 0.01

    NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack.

  • CVE-2017-14363MedDec 21, 2017
    risk 0.38cvss 5.9epss 0.01

    Cross-Site Scripting (XSS) vulnerability has been identified in Micro Focus Operations Manager i, versions 10.60, 10.61, 10.62. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS).

  • CVE-2016-1596MedApr 22, 2016
    risk 0.38cvss 5.4epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent,…

  • CVE-2016-1987MedFeb 18, 2016
    risk 0.38cvss 5.9epss 0.02

    HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.

  • CVE-2025-8997MedAug 25, 2025
    risk 0.37cvss epss 0.00

    An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.

  • CVE-2020-6923MedDec 19, 2024
    risk 0.37cvss 5.7epss 0.00

    The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.

  • CVE-2024-1695MedMay 6, 2024
    risk 0.37cvss 5.7epss 0.00

    A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software updates to mitigate this potential vulnerability.

  • CVE-2012-1994MedFeb 10, 2020
    risk 0.37cvss 5.7epss 0.01

    HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information

  • CVE-2026-3291MedMay 6, 2026
    risk 0.36cvss 5.5epss 0.00

    Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

  • CVE-2024-51765MedNov 15, 2024
    risk 0.36cvss 5.5epss 0.00

    A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS). Depending on configuration, this vulnerability may lead to local/cluster unauthorized access.

  • CVE-2022-31643MedApr 28, 2023
    risk 0.36cvss 5.5epss 0.00

    A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.

  • CVE-2022-1602MedSep 13, 2022
    risk 0.36cvss 5.5epss 0.00

    A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability…

  • CVE-2022-23958MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2022-23957MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2022-23955MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2022-23954MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2022-23956MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2022-23953MedMar 2, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

  • CVE-2020-6920MedFeb 16, 2022
    risk 0.36cvss 5.5epss 0.01

    Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software.

  • CVE-2022-23456MedJan 28, 2022
    risk 0.36cvss 5.5epss 0.00

    Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software.

  • CVE-2021-22525MedSep 2, 2021
    risk 0.36cvss 5.5epss 0.00

    This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1

  • CVE-2019-18942MedFeb 26, 2021
    risk 0.36cvss 5.5epss 0.00

    Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.

  • CVE-2018-7115MedDec 3, 2018
    risk 0.36cvss 5.3epss 0.13

    HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

  • CVE-2018-7112MedDec 3, 2018
    risk 0.36cvss 5.5epss 0.01

    The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system…

  • CVE-2016-5749MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.00

    NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML External Entity (XXE) attack.

  • CVE-2016-5748MedMar 23, 2017
    risk 0.36cvss 5.5epss 0.00

    External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.

  • CVE-2016-2023MedMay 30, 2016
    risk 0.36cvss 5.5epss 0.00

    HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2016MedMay 14, 2016
    risk 0.36cvss 5.5epss 0.00

    Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 through B.05.01.03, and Base-VxFS-51 B.05.10.00 through B.05.10.02 on HPE HP-UX 11iv3 with VxFS 5.0, VxFS 5.0.1, and VxFS 5.1SP1 mishandles ACL inheritance for default:class: entries, default:other: entries, and…

  • CVE-2022-38755MedNov 21, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus…

  • CVE-2021-22524MedSep 13, 2021
    risk 0.35cvss 5.4epss 0.01

    Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

  • CVE-2020-25832MedNov 17, 2020
    risk 0.35cvss 5.4epss 0.01

    Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack.

  • CVE-2020-25834MedNov 17, 2020
    risk 0.35cvss 5.4epss 0.01

    Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS).

  • CVE-2020-11838MedJun 16, 2020
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.

  • CVE-2020-9524MedMay 18, 2020
    risk 0.35cvss 5.4epss 0.01

    Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left…

  • CVE-2020-9520MedMar 25, 2020
    risk 0.35cvss 5.4epss 0.01

    A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker…

  • CVE-2020-9518MedMar 16, 2020
    risk 0.35cvss 5.3epss 0.01

    Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.

  • CVE-2020-9519MedMar 16, 2020
    risk 0.35cvss 5.3epss 0.01

    HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.

  • CVE-2020-9517MedMar 9, 2020
    risk 0.35cvss 5.4epss 0.00

    There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.

  • CVE-2019-11656MedOct 4, 2019
    risk 0.35cvss 5.4epss 0.01

    Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. This vulnerability could allow Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

  • CVE-2019-5398MedAug 9, 2019
    risk 0.35cvss 5.4epss 0.01

    A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.

  • CVE-2019-4131MedJul 11, 2019
    risk 0.35cvss 5.3epss 0.02

    IBM Application Performance Management (IBM Monitoring 8.1.4) could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names. IBM X-Force ID: 158270.

  • CVE-2019-11649MedJun 19, 2019
    risk 0.35cvss 5.4epss 0.01

    Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in user’s browser. The…

  • CVE-2018-7122MedJun 5, 2019
    risk 0.35cvss 5.3epss 0.02

    A remote disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2016-4392MedAug 6, 2018
    risk 0.35cvss 5.4epss 0.01

    A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.

  • CVE-2018-9024MedJun 18, 2018
    risk 0.35cvss 5.3epss 0.01

    An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file.

  • CVE-2018-6495MedMay 23, 2018
    risk 0.35cvss 5.4epss 0.01

    Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be…

  • CVE-2018-6494MedMay 22, 2018
    risk 0.35cvss 5.4epss 0.01

    Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

Page 14 of 45