CVE-2023-24470
https://notcve.org/view.php?id=CVE-2023-24470
Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. • https://portal.microfocus.com/s/article/KM000018224?language=en_US https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes https://www.microfocus.com/support/downloads • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2023-24469
https://notcve.org/view.php?id=CVE-2023-24469
Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0. • https://portal.microfocus.com/s/article/KM000018224?language=en_US https://www.microfocus.com/documentation/arcsight/logger-7.3/logger-7.3-release-notes https://www.microfocus.com/support/downloads • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38757 – CVE-2022-38757 ZENworks
https://notcve.org/view.php?id=CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators who have rights to perform actions (e.g., install a bundle) on a set of managed devices to exercise those rights on managed devices that are in the ZENworks zone but outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator. • https://kmviewer.saas.microfocus.com/#/PH_206719 https://kmviewer.saas.microfocus.com/#/PH_206720 https://portal.microfocus.com/s/article/KM000012895?language=en_US • CWE-269: Improper Privilege Management
CVE-2022-38756 – CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
https://notcve.org/view.php?id=CVE-2022-38756
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters, which could be logged by any intervening HTTP proxies. Micro Focus GroupWise is messaging software for email and personal information management. • http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html http://seclists.org/fulldisclosure/2023/Jan/28 https://portal.microfocus.com/s/article/KM000012374?language=en_US • CWE-532: Insertion of Sensitive Information into Log File
CVE-2022-38754 – CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-38754
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run JavaScript in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run JavaScript in the browser context of another OBM user. • https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes https://portal.microfocus.com/s/article/KM000012517?language=en_US https://portal.microfocus.com/s/article/KM000012518?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')