CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11850 – Cross site scripting vulnerability in Self Service Password Reset
https://notcve.org/view.php?id=CVE-2020-11850
21 Aug 2024 — Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 • https://www.netiq.com/documentation/self-service-password-reset-45/sspr-4502-release-notes/data/sspr-4502-release-notes.html#b149gz5h • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25835 – Micro Focus ArcSight Management Center Remote Vulnerability
https://notcve.org/view.php?id=CVE-2020-25835
09 Dec 2023 — A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). Se ha identificado una vulnerabilidad potencial en Micro Focus ArcSight Management Center. La vulnerabilidad podría explotarse de forma remota, lo que daría como resultado Cross-Site Scripting (XSS) almacenado. • https://community.microfocus.com/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-29/5037.ArcMC_5F00_RelNotes_5F00_2_2D00_9_2D00_6.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32268 – Administrator equivalent Filr user can access proxy administrator credentials
https://notcve.org/view.php?id=CVE-2023-32268
06 Dec 2023 — Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Exposición de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy. • https://portal.microfocus.com/s/article/KM000020081?language=en_US • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5913 – A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.
https://notcve.org/view.php?id=CVE-2023-5913
08 Nov 2023 — Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. Vulnerabilidad de asignación de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podría aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22... • https://portal.microfocus.com/s/article/KM000023500?language=en_US • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.2EPSS: 0%CPEs: 13EXPL: 0CVE-2023-4964 – Potential open redirect vulnerability in opentext SMAX and AMX product.
https://notcve.org/view.php?id=CVE-2023-4964
30 Oct 2023 — Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. Posible vulnerabilidad de redireccionamiento abierto en opentext Service Management Automation X (SMAX) versiones 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2... • https://portal.microfocus.com/s/article/KM000022703?language=en_US • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0CVE-2023-4501 – Authentication bypass in OpenText (Micro Focus) Enterprise Server
https://notcve.org/view.php?id=CVE-2023-4501
12 Sep 2023 — User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is c... • https://portal.microfocus.com/s/article/KM000021287 • CWE-253: Incorrect Check of Function Return Value CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32267 – OpenText / Micro Focus ArcSight Management Center Remote Vulnerability
https://notcve.org/view.php?id=CVE-2023-32267
11 Aug 2023 — A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. Se ha identificado una vulnerabilidad potencial en ArcSight Management Center de OpenText y Micro Focus. La vulnerabilidad podría ser explotada de forma remota. • https://portal.microfocus.com/s/article/KM000020296?language=en_US •
CVSS: 7.1EPSS: 0%CPEs: 15EXPL: 0CVE-2023-32265 – Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.
https://notcve.org/view.php?id=CVE-2023-32265
20 Jul 2023 — A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus D... • https://portal.microfocus.com/s/article/KM000019323?language=en_US •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32263 – Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3
https://notcve.org/view.php?id=CVE-2023-32263
19 Jul 2023 — A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. https://www.jenkins.io/security/advisory/2023-06-14/ • https://plugins.jenkins.io/dimensionsscm •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32262 – Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3
https://notcve.org/view.php?id=CVE-2023-32262
19 Jul 2023 — A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allow... • https://plugins.jenkins.io/dimensionsscm •