nvd
Microfocus
Vulnerabilities
271
Known exploited
2
Critical
59
High
87
Top products
Imanager22Solutions Business Manager17Access Manager16Edirectory16Service Manager16Enterprise Developer12Enterprise Server12Netiq Advanced Authentication11Application Automation Tools9Arcsight Logger9Arcsight Enterprise Security Manager8Arcsight Management Center8Operations Agent7Operations Bridge7Filr6Operations Bridge Manager6Application Performance Management5Identity Manager5Netiq Access Manager5Visibroker5
Top vulnerabilities
CVE-2014-7885Multiple unspecified vulnerabilities in HP ArcSight Enterprise Security Manager (ESM) before 6.8c have unknown impact and remote attack vectors.
CVE-2012-5932Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
CVE-2012-0432Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2008-7126Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
CVE-2021-22530A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
CVE-2024-3969XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
CVE-2024-3968Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution using custom file upload task.
CVE-2024-3967Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger remote code execution unisng unsafe java object deserialization.
CVE-2024-3488File Upload vulnerability in unauthenticated
session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a
file without authentication.
CVE-2024-3487Broken Authentication vulnerability discovered in OpenText™ iManager 3.2.6.0200. This
vulnerability allows an attacker to manipulate certain parameters to bypass
authentication.
CVE-2024-3486XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
CVE-2024-3484Path Traversal found in OpenText™ iManager 3.2.6.0200. This can lead to privilege escalation
or file disclosure.
CVE-2024-3483Remote Code
Execution has been discovered in
OpenText™ iManager 3.2.6.0200. The vulnerability can
trigger command injection and insecure deserialization issues.
CVE-2023-5913Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
CVE-2023-4501User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.
Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.
Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
CVE-2023-24467Possible Command Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0000.
CVE-2023-24466Possible XML External Entity Injection
in iManager GET parameter has been discovered in
OpenText™ iManager 3.2.6.0200.
CVE-2021-38135Possible
External Service Interaction attack
in iManager has been discovered in
OpenText™ iManager 3.2.6.0000.
CVE-2021-38132Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVE-2021-38125Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
CVE-2021-38124Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
CVE-2021-38117Possible Command injection Vulnerability
in iManager has been discovered in
OpenText™ iManager 3.2.4.0000.
CVE-2021-22519Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.41 , 2018.05(11.50), 2018.08(11.51), 2018.11(11.60), 2019.02(11.70), 2019.05(11.80), 2019.08(11.90), 2019.11(11.91), 2020.05(11.92), 2020.10(11.93). The vulnerability could allow remote attackers to execute arbitrary code on affected installations of SiteScope.
CVE-2021-22514An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.