Serena
Products
3- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19645 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2019 | An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||
| CVE-2019-18943 | Med | 0.40 | 6.1 | 0.00 | Feb 26, 2021 | Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. | ||
| CVE-2018-19641 | Med | 0.40 | 6.1 | 0.01 | Mar 27, 2019 | Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | ||
| CVE-2018-7680 | Med | 0.40 | 6.1 | 0.01 | Jun 21, 2018 | Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. | ||
| CVE-2004-2563 | 0.03 | — | 0.02 | Dec 31, 2004 | Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. | |||
| CVE-2014-0336 | 0.00 | — | 0.01 | Mar 6, 2014 | Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI. | |||
| CVE-2014-0335 | 0.00 | — | 0.01 | Mar 6, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7)… |
- risk 0.64cvss 9.8epss 0.01
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
- risk 0.40cvss 6.1epss 0.00
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
- risk 0.40cvss 6.1epss 0.01
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
- risk 0.40cvss 6.1epss 0.01
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
- CVE-2004-2563Dec 31, 2004risk 0.03cvss —epss 0.02
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
- CVE-2014-0336Mar 6, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the adminconsole/ URI.
- CVE-2014-0335Mar 6, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7)…