CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11860
https://notcve.org/view.php?id=CVE-2020-11860
17 Nov 2020 — Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS) Una vulnerabilidad de tipo Cross-Site Scripting en el producto Micro Focus ArcSight Logger, que afecta a todas las versiones anteriores a 7.1.1. La vulnerabilidad podría ser explotada remotamente resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25834
https://notcve.org/view.php?id=CVE-2020-25834
17 Nov 2020 — Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS). Una vulnerabilidad de tipo Cross-Site Scripting en el producto Micro Focus ArcSight Logger, afectando a versión 7.1. La vulnerabilidad podría ser explotada remotamente resultando en una vulnerabilidad de tipo Cross-Site Scripting (XSS) • https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-1-1/ta-p/2837600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25837
https://notcve.org/view.php?id=CVE-2020-25837
05 Nov 2020 — Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. Vulnerabilidad de divulgación de información confidencial en el producto Micro Focus Self Service Password Reset (SSPR). La vulnerabilidad afecta a las versiones 4.4.0.0 hasta 4.4.0.6 y 4.5.0.1 y 4.5.0.2. • https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p7/data/release-notes-sspr-44-p7.html •
CVSS: 7.8EPSS: 4%CPEs: 20EXPL: 1CVE-2020-11858 – Code execution with escalated privilegesn vlnerability in Operation bridge Manager and Operations Bridge (containerized) products.
https://notcve.org/view.php?id=CVE-2020-11858
27 Oct 2020 — Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code w... • https://packetstorm.news/files/id/161411 •
CVSS: 10.0EPSS: 91%CPEs: 24EXPL: 1CVE-2020-11854 – Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
https://notcve.org/view.php?id=CVE-2020-11854
27 Oct 2020 — Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.... • https://packetstorm.news/files/id/161182 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 91%CPEs: 36EXPL: 2CVE-2020-11853 – Arbitrary code execution vulnerability on multiple Micro Focus products
https://notcve.org/view.php?id=CVE-2020-11853
22 Oct 2020 — Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) • https://packetstorm.news/files/id/161182 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2020-11856 – Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11856
22 Sep 2020 — Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. Una vulnerabilidad de ejecución de código arbitraria en Micro Focus Operation Bridge Reporter, afectando a la versión 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de OBR This vulnerability allows... • https://softwaresupport.softwaregrp.com/doc/KM03710590 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 65%CPEs: 1EXPL: 1CVE-2020-11857 – Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-11857
22 Sep 2020 — An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes remotos acceder al host de OBR como un usuario no administrador This vulnerability allows remote attackers to execute arbitr... • https://packetstorm.news/files/id/162407 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.4EPSS: 3%CPEs: 1EXPL: 0CVE-2020-11855 – Micro Focus Operations Bridge Reporter HPE-OBR Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-11855
22 Sep 2020 — An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. Una vulnerabilidad de Omisión de Autorización en Micro Focus Operation Bridge Reporter, afectando a versiones 10.40 y anteriores. La vulnerabilidad podría permitir a atacantes locales en el host OBR ejecutar código con privilegios escalados This vulnerability allows local attackers to... • https://softwaresupport.softwaregrp.com/doc/KM03710590 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11861
https://notcve.org/view.php?id=CVE-2020-11861
18 Sep 2020 — Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. Una vulnerabilidad de escalada de privilegios local no autorizada en Micro Focus Operation Agent, que afecta a todas las versiones anteriores a la versión 12.11. La vulnerabilidad podría ser explotada para escalar los privilegios locales y conseguir acceso root e... • https://softwaresupport.softwaregrp.com/doc/KM03709900 •