Microfocus

All CVEs

2,210 total · sorted by risk
  • CVE-2018-6494 · Med · May 22, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

  • CVE-2018-1348 · Med · Mar 26, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    NetIQ Identity Manager driver, in versions prior to 4.7, allows for an SSL handshake renegotiation which could result in a MITM attack.

  • CVE-2018-1347 · Med · Mar 21, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting.

  • CVE-2017-7427 · Med · Mar 5, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in…

  • CVE-2017-9285 · Med · Mar 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.

  • CVE-2017-9276 · Med · Mar 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Novell Access Manager iManager before 4.3.3 did not validate parameters so that cross site scripting content could be reflected back into the result page using the "a" parameter.

  • CVE-2017-14802 · Med · Mar 2, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.

  • CVE-2017-7426 · Med · Mar 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.

  • CVE-2017-14800 · Med · Mar 1, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allow code injection into pages of authenticated users.

  • CVE-2017-14359 · Med · Nov 3, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.

  • CVE-2017-9273 · Med · Oct 6, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.

  • CVE-2017-13991 · Med · Sep 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.

  • CVE-2017-13990 · Med · Sep 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version.

  • CVE-2017-7422 · Med · Aug 21, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection…

  • CVE-2017-7428 · Med · May 3, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.

  • CVE-2017-5184 · Med · Mar 30, 2017
    risk 0.35 · cvss 5.3 · epss 0.01

    A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration).

  • CVE-2016-4393 · Med · Oct 28, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

  • CVE-2016-1598 · Med · Oct 27, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

  • CVE-2016-4380 · Med · Sep 8, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-2011 · Med · May 7, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.

  • CVE-2016-2010 · Med · May 7, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.

  • CVE-2015-5447 · Med · Jan 5, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2015-4000 · Low · May 21, 2015
    risk 0.35 · cvss 3.7 · epss 1.00

    The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by…

  • CVE-2023-32266 · Med · Oct 16, 2024
    risk 0.34 · cvss · epss 0.00

    Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM), Quality Center allows Code Inclusion. The vulnerability allows a user to archive malicious DLLs on the system prior to the installation. This issue affects Application Lifecycle…

  • CVE-2021-3441 · Med · Oct 29, 2021
    risk 0.34 · cvss 4.8 · epss 0.02

    A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS).

  • CVE-2026-1578 · Med · Feb 13, 2026
    risk 0.33 · cvss · epss 0.00

    HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

  • CVE-2022-26327 · Med · Aug 21, 2024
    risk 0.33 · cvss · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data. This issue affects Performance Center: 12.63.

  • CVE-2024-38496 · Med · Jul 15, 2024
    risk 0.33 · cvss · epss 0.00

    The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.

  • CVE-2018-19644 · Med · Mar 27, 2019
    risk 0.33 · cvss 5.0 · epss 0.01

    Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

  • CVE-2018-7673 · Med · Mar 26, 2018
    risk 0.33 · cvss 5.1 · epss 0.01

    The NetIQ Identity Manager communication channel, in versions prior to 4.7, is susceptible to a DoS attack.

  • CVE-2017-17556 · Med · Dec 15, 2017
    risk 0.33 · cvss 5.1 · epss 0.01

    A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

  • CVE-2021-22535 · Med · Sep 28, 2021
    risk 0.32 · cvss 4.9 · epss 0.01

    Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.

  • CVE-2021-22526 · Med · Sep 13, 2021
    risk 0.32 · cvss 4.9 · epss 0.00

    Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4

  • CVE-2019-18944 · Med · Feb 26, 2021
    risk 0.32 · cvss 4.9 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

  • CVE-2019-9488 · Med · Sep 11, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep…

  • CVE-2024-7428 · Med · Aug 23, 2024
    risk 0.31 · cvss · epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

  • CVE-2024-7427 · Med · Aug 23, 2024
    risk 0.31 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS). This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

  • CVE-2021-22515 · Med · Jul 12, 2021
    risk 0.31 · cvss 4.8 · epss 0.01

    Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

  • CVE-2019-18946 · Med · Feb 26, 2021
    risk 0.31 · cvss 4.8 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

  • CVE-2021-22499 · Med · Feb 6, 2021
    risk 0.31 · cvss 4.8 · epss 0.01

    Persistent cross-site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow a persistent XSS attack.

  • CVE-2020-25833 · Med · Nov 17, 2020
    risk 0.31 · cvss 4.8 · epss 0.01

    Persistent cross-site scripting vulnerability in Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a persistent XSS attack.

  • CVE-2019-6332 · Med · Jan 9, 2020
    risk 0.31 · cvss 4.8 · epss 0.01

    A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A -…

  • CVE-2019-6324 · Med · Jun 17, 2019
    risk 0.31 · cvss 4.8 · epss 0.01

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in the wireless configuration page.

  • CVE-2018-12462 · Med · Jul 10, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.

  • CVE-2018-7681 · Med · Jun 21, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.

  • CVE-2018-6492 · Med · May 22, 2018
    risk 0.31 · cvss 4.7 · epss 0.02

    Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited…

  • CVE-2017-9284 · Med · Apr 26, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.

  • CVE-2023-1526 · Med · Apr 28, 2023
    risk 0.30 · cvss 4.6 · epss 0.01

    Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

  • CVE-2021-39237 · Med · Nov 3, 2021
    risk 0.30 · cvss 4.6 · epss 0.02

    Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

  • CVE-2019-16285 · Med · Nov 22, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
