Microfocus

All CVEs

2,227 total · sorted by risk
  • CVE-2019-18944 · Med · Feb 26, 2021
    risk 0.32 · cvss 4.9 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

  • CVE-2019-9488 · Med · Sep 11, 2019
    risk 0.32 · cvss 4.9 · epss 0.01

    Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to an XML External Entity attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep…

  • CVE-2024-7428 · Med · Aug 23, 2024
    risk 0.31 · cvss · epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

  • CVE-2024-7427 · Med · Aug 23, 2024
    risk 0.31 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS). This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2.

  • CVE-2021-22515 · Med · Jul 12, 2021
    risk 0.31 · cvss 4.8 · epss 0.01

    Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1.

  • CVE-2019-18946 · Med · Feb 26, 2021
    risk 0.31 · cvss 4.8 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

  • CVE-2021-22499 · Med · Feb 6, 2021
    risk 0.31 · cvss 4.8 · epss 0.01

    Persistent cross-site scripting vulnerability in the Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow a persistent XSS attack.

  • CVE-2020-25833 · Med · Nov 17, 2020
    risk 0.31 · cvss 4.8 · epss 0.01

    Persistent cross-site scripting vulnerability in the Micro Focus IDOL product, affecting all versions prior to version 12.7. The vulnerability could be exploited to perform a persistent XSS attack.

  • CVE-2019-6332 · Med · Jan 9, 2020
    risk 0.31 · cvss 4.8 · epss 0.01

    A potential security vulnerability has been identified with certain HP InkJet printers. The vulnerability could be exploited to allow cross-site scripting (XSS). Affected products and versions include: HP DeskJet 2600 All-in-One Printer series model numbers 4UJ28B, V1N01A -…

  • CVE-2019-6324 · Med · Jun 17, 2019
    risk 0.31 · cvss 4.8 · epss 0.01

    HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419) and HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an embedded web server potentially vulnerable to stored XSS in the wireless configuration page.

  • CVE-2018-12462 · Med · Jul 10, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.

  • CVE-2018-7681 · Med · Jun 21, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges, then this vulnerability can impact other users in the system.

  • CVE-2018-6492 · Med · May 22, 2018
    risk 0.31 · cvss 4.7 · epss 0.02

    Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited…

  • CVE-2017-9284 · Med · Apr 26, 2018
    risk 0.31 · cvss 4.8 · epss 0.01

    IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information.

  • CVE-2023-1526 · Med · Apr 28, 2023
    risk 0.30 · cvss 4.6 · epss 0.01

    Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

  • CVE-2021-39237 · Med · Nov 3, 2021
    risk 0.30 · cvss 4.6 · epss 0.02

    Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.

  • CVE-2019-16285 · Med · Nov 22, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.

  • CVE-2019-3485 · Med · Jul 24, 2019
    risk 0.30 · cvss 4.6 · epss 0.01

    Mitigates a stored cross-site scripting issue in ArcSight Logger versions prior to 6.7.1.

  • CVE-2017-7437 · Med · Mar 5, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json requests.

  • CVE-2017-7438 · Med · Mar 2, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied cookie parameter.

  • CVE-2017-7419 · Med · Mar 2, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    An OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 before 4.2.4 allowed cross-site scripting attacks due to an unescaped "description" field that could be specified by the provider.

  • CVE-2017-14801 · Med · Mar 2, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.

  • CVE-2017-14799 · Med · Mar 1, 2018
    risk 0.30 · cvss 4.6 · epss 0.01

    A cross-site scripting attack in the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject JavaScript code into the login page.

  • CVE-2025-71292 · Med · May 6, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for some child directory (not moving from the parent), then the nlink of the first…

  • CVE-2016-4381 · Med · Sep 8, 2016
    risk 0.29 · cvss 4.5 · epss 0.00

    HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors.

  • CVE-1999-0524 · Med · Aug 1, 1997
    risk 0.29 · cvss 4.0 · epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2024-0967 · Med · Mar 1, 2024
    risk 0.28 · cvss 4.3 · epss 0.01

    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.

  • CVE-2023-4468 · Med · Dec 29, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack…

  • CVE-2023-32262 · Med · Jul 19, 2023
    risk 0.28 · cvss 4.3 · epss 0.01

    A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for…

  • CVE-2022-38756 · Med · Dec 16, 2022
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

  • CVE-2020-11841 · Med · Jun 16, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    Unauthorized information disclosure vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure.

  • CVE-2020-11840 · Med · Jun 16, 2020
    risk 0.28 · cvss 4.3 · epss 0.01

    Unauthorized information disclosure vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure.

  • CVE-2019-11662 · Med · Sep 18, 2019
    risk 0.28 · cvss 4.3 · epss 0.01

    Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error…

  • CVE-2019-5393 · Med · Jun 5, 2019
    risk 0.28 · cvss 4.3 · epss 0.02

    A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • CVE-2017-9280 · Med · Mar 2, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    Some NetIQ Identity Manager Applications before Identity Manager 4.5.6.1 included the session token in GET URLs, potentially allowing exposure of user sessions to untrusted third parties via proxies, referer urls or similar.

  • CVE-2017-5189 · Med · Mar 2, 2018
    risk 0.28 · cvss 4.3 · epss 0.01

    NetIQ iManager before 3.0.3 delivered a SSL private key in a Java application (JAR file) for authentication to Sentinel, allowing attackers to extract and establish their own connections to the Sentinel appliance.

  • CVE-2023-32261 · Med · Jul 19, 2023
    risk 0.27 · cvss 4.2 · epss 0.01

    A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for…

  • CVE-2022-26326 · Med · May 2, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Potential open redirection vulnerability when a URL is crafted in a specific format in NetIQ Access Manager prior to 5.0.2.

  • CVE-2021-22497 · Low · Apr 12, 2021
    risk 0.25 · cvss 3.8 · epss 0.01

    Advanced Authentication versions prior to 6.3 SP4 have potential broken authentication due to an improper session management issue.

  • CVE-2018-7676 · Low · Mar 28, 2018
    risk 0.25 · cvss 3.9 · epss 0.01

    The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information.

  • CVE-2016-4379 · Low · Sep 8, 2016
    risk 0.24 · cvss 3.7 · epss 0.02

    The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) firmware before 1.88 does not properly use a MAC protection mechanism in conjunction with CBC padding, which allows remote attackers to obtain sensitive information via a padding-oracle attack, aka a Vaudenay…

  • CVE-2015-6858 · Low · Jan 5, 2016
    risk 0.24 · cvss 3.7 · epss 0.03

    HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2019-18947 · Low · Feb 26, 2021
    risk 0.23 · cvss 3.5 · epss 0.00

    Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.

  • CVE-2018-12461 · Low · Jul 10, 2018
    risk 0.23 · cvss 3.5 · epss 0.00

    Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.

  • CVE-2018-7678 · Low · Mar 14, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.

  • CVE-2018-7677 · Low · Mar 14, 2018
    risk 0.23 · cvss 3.5 · epss 0.01

    A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.

  • CVE-2017-9278 · Low · Mar 2, 2018
    risk 0.22 · cvss 3.3 · epss 0.01

    The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

  • CVE-2017-7434 · Low · Mar 2, 2018
    risk 0.22 · cvss 3.3 · epss 0.01

    In the JDBC driver of NetIQ Identity Manager before 4.6, sending out incorrect XML configurations could result in passwords being logged into exception logfiles.

  • CVE-2025-37164 · KEV · Dec 16, 2025
    risk 0.21 · cvss · epss 0.90

    A remote code execution issue exists in HPE OneView.

  • CVE-2023-5449 · Low · Oct 13, 2023
    risk 0.21 · cvss 3.3 · epss 0.00

    A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.
