
CVE-2020-9524
https://notcve.org/view.php?id=CVE-2020-9524
18 May 2020 — Cross-site scripting vulnerability in Micro Focus Enterprise Server and Enterprise Developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). • https://softwaresupport.softwaregrp.com/doc/KM03640252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-11842
https://notcve.org/view.php?id=CVE-2020-11842
04 May 2020 — Information disclosure vulnerability in the Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. • https://support.microfocus.com/kb/doc.php?id=7024567

CVE-2020-9523
https://notcve.org/view.php?id=CVE-2020-9523
17 Apr 2020 — Insufficiently protected credentials vulnerability in Micro Focus Enterprise Developer and Enterprise Server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. • https://softwaresupport.softwaregrp.com/doc/KM03634936 • CWE-522: Insufficiently Protected Credentials

CVE-2020-9521
https://notcve.org/view.php?id=CVE-2020-9521
26 Mar 2020 — An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection. • https://softwaresupport.softwaregrp.com/doc/KM03630615 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2020-9520
https://notcve.org/view.php?id=CVE-2020-9520
25 Mar 2020 — A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content in Vibe such that when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user's browser. • http://seclists.org/fulldisclosure/2020/Mar/50 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-9518
https://notcve.org/view.php?id=CVE-2020-9518
16 Mar 2020 — Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. • https://softwaresupport.softwaregrp.com/doc/KM03607792

CVE-2020-9519
https://notcve.org/view.php?id=CVE-2020-9519
16 Mar 2020 — HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. • https://softwaresupport.softwaregrp.com/doc/KM03607789

CVE-2020-9517
https://notcve.org/view.php?id=CVE-2020-9517
09 Mar 2020 — There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks. • https://softwaresupport.softwaregrp.com/doc/KM03604692 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2019-11657
https://notcve.org/view.php?id=CVE-2019-11657
17 Dec 2019 — Cross-Site Request Forgery vulnerability in Micro Focus ArcSight Logger, affecting all product versions below version 7.0. The vulnerability could be exploited to perform a CSRF attack. • https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-17087
https://notcve.org/view.php?id=CVE-2019-17087
11 Dec 2019 — Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. • https://softwaresupport.softwaregrp.com/doc/KM03569662