CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11669
https://notcve.org/view.php?id=CVE-2019-11669
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data. Una casilla de comprobación de solo lectura modificable en Micro Focus Service Manager, versiones 9.60p1, 9.61, 9.62. Esta vulnerabilidad podría explotarse para permitir la modificación no autorizada de datos. • https://softwaresupport.softwaregrp.com/doc/KM03517334 •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2019-11668
https://notcve.org/view.php?id=CVE-2019-11668
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Una cookie HTTP en el administrador de Micro Focus Service, versiones 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Y Micro Focus Service Manager Chat Server, versiones 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. • https://softwaresupport.softwaregrp.com/doc/KM03517335 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11658
https://notcve.org/view.php?id=CVE-2019-11658
Information exposure in Micro Focus Content Manager, versions 9.1, 9.2 and 9.3. This vulnerability when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state. Una exposición de información en Micro Focus Content Manager, versiones 9.1, 9.2 y 9.3. Esta vulnerabilidad cuando esta configurado para utilizar una base de datos de Oracle, permite a usuarios válidos del sistema conseguir acceso a un subconjunto limitado de registros a los que normalmente no son capaces de acceder cuando el sistema se encuentra en un estado anormal no revelado. • https://softwaresupport.softwaregrp.com/doc/KM03496282 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.6EPSS: 0%CPEs: 9EXPL: 0CVE-2019-11654 – A path traversal vulnerability has been identified in Verastream Host Integrator
https://notcve.org/view.php?id=CVE-2019-11654
Path traversal vulnerability in Micro Focus Verastream Host Integrator (VHI), versions 7.7 SP2 and earlier, The vulnerability allows remote unauthenticated attackers to read arbitrary files. Vulnerabilidad transversal de ruta en Micro Focus Verastream Host Integrator (VHI), versiones 7.7 SP2 y anteriores. La vulnerabilidad permite a atacantes remotos no autenticados leer archivos arbitrarios. • https://support.microfocus.com/kb/doc.php?id=7024061 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11652
https://notcve.org/view.php?id=CVE-2019-11652
A potential authorization bypass issue was found in Micro Focus Self Service Password Reset (SSPR) versions prior to: 4.4.0.3, 4.3.0.6, and 4.2.0.6. Upgrade to Micro Focus Self Service Password Reset (SSPR) SSPR versions 4.4.0.3, 4.3.0.6, or 4.2.0.6 as appropriate. Se encontró un problema potencial de omisión de autorización en Micro Focus Self Service Password Reset (SSPR), versiones anteriores a: 4.4.0.3, 4.3.0.6 y 4.2.0.6. Actualización para Micro Focus Self Service Password Reset (SSPR) versiones de SSPR 4.4.0.3, 4.3.0.6 o 4.2.0.6 según corresponda. • https://www.netiq.com/documentation/self-service-password-reset-42/release-notes-sspr42-p6/data/release-notes-sspr42-p6.html https://www.netiq.com/documentation/self-service-password-reset-43/release-notes-sspr-43-p3/data/release-notes-sspr-43-p3.html https://www.netiq.com/documentation/self-service-password-reset-44/release-notes-sspr-44-p3/data/release-notes-sspr-44-p3.html •