Filtered by vendor Microfocus Subscriptions
Total 248 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-17952 1 Microfocus 1 Edirectory 2024-11-21 N/A
Cross site scripting vulnerability in eDirectory prior to 9.1 SP2
CVE-2018-17950 1 Microfocus 1 Edirectory 2024-11-21 N/A
Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2
CVE-2018-17949 1 Microfocus 1 Imanager 2024-11-21 N/A
Cross site scripting vulnerability in iManager prior to 3.1 SP2.
CVE-2018-17948 1 Microfocus 1 Access Manager 2024-11-21 N/A
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3.
CVE-2018-12480 1 Microfocus 1 Access Manager 2024-11-21 N/A
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
CVE-2018-12469 1 Microfocus 2 Enterprise Developer, Enterprise Server 2024-11-21 N/A
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
CVE-2018-12468 1 Microfocus 1 Groupwise 2024-11-21 N/A
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server. In certain circumstances this could result in remote code execution.
CVE-2018-12465 1 Microfocus 1 Secure Messaging Gateway 2024-11-21 N/A
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
CVE-2018-12464 1 Microfocus 1 Secure Messaging Gateway 2024-11-21 N/A
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CVE-2017-9285 2 Microfocus, Netiq 2 Edirectory, Edirectory 2024-11-21 N/A
NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when "ebaclient" was used, allowing unpermitted access to eDirectory services.
CVE-2017-9283 1 Microfocus 1 Visibroker 2024-11-21 N/A
An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
CVE-2017-9282 1 Microfocus 1 Visibroker 2024-11-21 N/A
An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.
CVE-2017-9281 1 Microfocus 1 Visibroker 2024-11-21 N/A
An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service.
CVE-2017-9273 1 Microfocus 2 Bi-directional Driver, Identity Manager 2024-11-21 N/A
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
CVE-2017-9272 1 Microfocus 2 Bi-directional Driver, Identity Manager 2024-11-21 N/A
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.
CVE-2017-8993 1 Microfocus 1 Project And Portfolio Management 2024-11-21 N/A
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found.
CVE-2017-7429 2 Microfocus, Netiq 2 Edirectory, Edirectory 2024-11-21 N/A
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
CVE-2017-7424 1 Microfocus 2 Enterprise Developer, Enterprise Server 2024-11-21 N/A
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7423 1 Microfocus 2 Enterprise Developer, Enterprise Server 2024-11-21 N/A
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
CVE-2017-7422 1 Microfocus 2 Enterprise Developer, Enterprise Server 2024-11-21 N/A
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.